shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "sreenivas Harshith (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.
Date Tue, 21 Feb 2017 13:04:44 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15875930#comment-15875930
] 

sreenivas Harshith edited comment on SHIRO-613 at 2/21/17 1:04 PM:
-------------------------------------------------------------------

[~bdemers]


Found the Issue. The issue was with this SecurityUtils.getSubject() method I used to acquire
the current executing user. This method uses ThreadContext and I guess the subject is getting
shared across threads as I am Using TomEE With Http-Nio. After I login some 5 times, the next
call to login again SecurityUtils.getSubject().IsAuthenticated() returns true even before
I call this  login(token); and when i check the principals its the same User. I changed it
to 
Subject currentUser = new Subject.Builder().buildSubject();
After this change I am getting unique Session Id for each login Attempt and even if some sessions
are expired its not complaining.



was (Author: sreenivash09):
[~bdemers]




> StoppedSessionException: Session with id has been explicitly stopped.  No further interaction
under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-613
>                 URL: https://issues.apache.org/jira/browse/SHIRO-613
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Session Management
>    Affects Versions: 1.3.2
>            Reporter: sreenivas Harshith
>              Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using default shiro native session manager and Session DAO backed by Db store for
storing sessions. I have set the session timeout to 10 min and I have the same user login
multiple times, say 8 times. Once the session is expired I tried to login with same user credentials
from a different client and shiro is calling this delete(Session sn) method implemented in
my DAO to delete those old sessions that are expired. Once the deletion is completed it throws
an exception with the deleted Session id saying org.apache.shiro.session.StoppedSessionException:
Session with id [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped.  No further
interaction under this session is allowed, and  it fails to login the user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message