[jira] [Commented] (SHIRO-614) UnknownSessionException when shiro is again trying to access the deleted session.


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15875911#comment-15875911 ]

Nishok commented on SHIRO-614:

[~bdemers]  Thank you for your response.

I am facing this in a multiple-instance environment (Web / OSGi service). When the request is passed from web to service, along with headers and session id, the OSGi service is unable to pick the right session and hence I get this exception (UnknownSessionException). Is this fixed in the 1.3 version?

FYI, I am storing the session in the DB so that it is available across JVMs. I am using a customized sessionDao to create and delete the sessions.

Also, Shiro creates multiple sessions when secureCookie is set to true. Is this the expected behaviour / implementation? If so, what is the purpose?

Since I have written customised code on top of Shiro, I feel that upgrading would affect the existing functionality.

> UnknownSessionException when shiro is again trying to access the deleted session.
> ---------------------------------------------------------------------------------
>                 Key: SHIRO-614
>                 URL: https://issues.apache.org/jira/browse/SHIRO-614
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Configuration, Session Management, Subject
>    Affects Versions: 1.2.4
>         Environment: Linux, Multiple instance environment
>            Reporter: Nishok
> Multiple sessions are created when secureCookie = true and eventually deleted, getting UnknownSessionException when shiro is again trying to access the deleted session.
> 15:59:33,787 DEBUG [Thread-7] AbstractValidatingSessionManager:290 - Invalidated session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b] (expired)
> 15:59:33,787 DEBUG [Thread-5] DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
> org.apache.shiro.session.UnknownSessionException: There is no session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b]
> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
> at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
> at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
