[jira] [Updated] (SHIRO-633) Remove HttpSession attributes when invalidated

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (SHIRO-633) Remove HttpSession attributes when invalidated

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/SHIRO-633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Pusterhofer updated SHIRO-633:
--------------------------------------
    Description:
When calling logout the HttpSession does not remove the attributes added throughout the session. This results in the HttpSession not being valid after the logout longer valid and the RAP application to wait forever, due to the HttpSessionBindingListener not being called.

The problem can be found in the  [RAP forum|https://www.eclipse.org/forums/index.php/t/1087620/]

[Apache tomcat invalidate|https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/http/HttpSession.html#invalidate()] states that it should Invalidate the session and then unbind any objects bound to it.

  was:
When calling logout the HttpSession does not remove the attributes added throughout the session. This results in the HttpSession not being valid after the logout longer valid and the RAP application to wait forever, due to the HttpSessionBindingListener not being called.

The problem can be found in the  [RAP forum|https://www.eclipse.org/forums/index.php/t/1087620/]


> Remove HttpSession attributes when invalidated
> ----------------------------------------------
>
>                 Key: SHIRO-633
>                 URL: https://issues.apache.org/jira/browse/SHIRO-633
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.3.0
>         Environment: 4.11.9-1-ARCH x86_64 GNU/Linux
>            Reporter: Michael Pusterhofer
>
> When calling logout the HttpSession does not remove the attributes added throughout the session. This results in the HttpSession not being valid after the logout longer valid and the RAP application to wait forever, due to the HttpSessionBindingListener not being called.
> The problem can be found in the  [RAP forum|https://www.eclipse.org/forums/index.php/t/1087620/]
> [Apache tomcat invalidate|https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/http/HttpSession.html#invalidate()] states that it should Invalidate the session and then unbind any objects bound to it.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)