shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei Wang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (SHIRO-580) ShiroHttpServletRequest cached HttpSession
Date Tue, 16 Aug 2016 02:21:20 GMT
Wei Wang created SHIRO-580:
------------------------------

             Summary: ShiroHttpServletRequest cached HttpSession
                 Key: SHIRO-580
                 URL: https://issues.apache.org/jira/browse/SHIRO-580
             Project: Shiro
          Issue Type: Bug
            Reporter: Wei Wang


I try to implement sessionDao with redis

but I found ShiroHttpServletRequest cached HttpSession

when i login the system, for preventing session fixation attack, i call getSession().stop(),
now the redis have no session information, then i call httpRequest.getSession(false), it will
get the cached HttpSession that is not stored in redis.  So the Exception will happened

what should I do to avoid this ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message