[jira] [Commented] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15874861#comment-15874861 ]

sreenivas Harshith commented on SHIRO-613:
------------------------------------------

Because of this issue with expired sessions, I am setting global session timeout to -1 in ini config file so that session never expires and I am running a cron job that checks for last access time for each session and logs out the user depending on my custom session time out. The only way I was able to reproduce was I logged in with same user some 10 times and there were 10 session Ids that were created in the database and I waited for 10 min and tried to login again by supplying the Username and Password and this exception would be thrown randomly during 3 rd or 5th attempt of logging in.

> StoppedSessionException: Session with id has been explicitly stopped.  No further interaction under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-613
>                 URL: https://issues.apache.org/jira/browse/SHIRO-613
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Session Management
>    Affects Versions: 1.3.2
>            Reporter: sreenivas Harshith
>              Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using default shiro native session manager and Session DAO backed by Db store for storing sessions. I have set the session timeout to 10 min and I have the same user login multiple times, say 8 times. Once the session is expired I tried to login with same user credentials from a different client and shiro is calling this delete(Session sn) method implemented in my DAO to delete those old sessions that are expired. Once the deletion is completed it throws an exception with the deleted Session id saying org.apache.shiro.session.StoppedSessionException: Session with id [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped.  No further interaction under this session is allowed, and  it fails to login the user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)