[jira] [Commented] (SHIRO-614) UnknownSessionException when shiro is again trying to access the deleted session.

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SHIRO-614) UnknownSessionException when shiro is again trying to access the deleted session.

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SHIRO-614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15876051#comment-15876051 ]

Nishok commented on SHIRO-614:
------------------------------

[~sreenivash09] Thank you, before trying it out i have few other clarifications as well,

I am getting this exception only while setting the secureCookie as true. Otherwise only one session is maintained, and it gets deleted when calling Subject.logout().

I need to know when there are multiple sessions created, how do we control the lifeTime of each session created internally by Shiro(to know when it gets invalidated)? This time is not same as global session time out.



> UnknownSessionException when shiro is again trying to access the deleted session.
> ---------------------------------------------------------------------------------
>
>                 Key: SHIRO-614
>                 URL: https://issues.apache.org/jira/browse/SHIRO-614
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Configuration, Session Management, Subject
>    Affects Versions: 1.2.4
>         Environment: Linux, Multiple instance environment
>            Reporter: Nishok
>
> Multiple sessions are created when secureCookie = true and eventually deleted, getting UnknownSessionException when shiro is again trying to access the deleted session.
> 15:59:33,787 DEBUG [Thread-7] AbstractValidatingSessionManager:290 - Invalidated session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b] (expired)
> 15:59:33,787 DEBUG [Thread-5] DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
> org.apache.shiro.session.UnknownSessionException: There is no session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b]
> at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
> at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
> at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
> at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
> at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
> at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
> at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
> at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
> at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)