shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-298) LogoutFilter should catch the InvalidSessionException
Date Fri, 20 May 2011 18:42:47 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13036994#comment-13036994
] 

Les Hazlewood commented on SHIRO-298:
-------------------------------------

How is it possible that the Session is invalid before this filter is invoked?

The ShiroFilter that constructs the Subject instance ensures the Session is valid before the
rest of the filter chain executes.

Are you calling httpSession.invalidate() before calling Subject.logout()?

If so, that is not necessary - Subject.logout() will invalidate the session automatically.

> LogoutFilter should catch the  InvalidSessionException 
> -------------------------------------------------------
>
>                 Key: SHIRO-298
>                 URL: https://issues.apache.org/jira/browse/SHIRO-298
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.2.0
>            Reporter: calvin xiu
>            Priority: Minor
>
> Should catch InvalidSessionException for session timeout problem.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message