shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei Wang (JIRA)" <>
Subject [jira] [Created] (SHIRO-580) ShiroHttpServletRequest cached HttpSession
Date Tue, 16 Aug 2016 02:21:20 GMT
Wei Wang created SHIRO-580:

             Summary: ShiroHttpServletRequest cached HttpSession
                 Key: SHIRO-580
             Project: Shiro
          Issue Type: Bug
            Reporter: Wei Wang

I try to implement sessionDao with redis

but I found ShiroHttpServletRequest cached HttpSession

when i login the system, for preventing session fixation attack, i call getSession().stop(),
now the redis have no session information, then i call httpRequest.getSession(false), it will
get the cached HttpSession that is not stored in redis.  So the Exception will happened

what should I do to avoid this ?

This message was sent by Atlassian JIRA

View raw message