Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-298

LogoutFilter should catch the InvalidSessionException

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.2.0
    • Component/s: Web
    • Labels:
      None

      Description

      Should catch InvalidSessionException for session timeout problem.

        Issue Links

          Activity

          Hide
          lhazlewood Les Hazlewood added a comment -

          Closing with the 1.2.0 release.

          Show
          lhazlewood Les Hazlewood added a comment - Closing with the 1.2.0 release.
          Hide
          calvinxiu calvin xiu added a comment -

          yes, the http session is easy to expire, so the logout filter catch this exception will be better.

          Show
          calvinxiu calvin xiu added a comment - yes, the http session is easy to expire, so the logout filter catch this exception will be better.
          Hide
          kaosko Kalle Korhonen added a comment -

          Client tries to use a session that has expired already, right? There are lots of cases where some existing system invalidates user's session before Shiro, so I'd say this is valid.

          Show
          kaosko Kalle Korhonen added a comment - Client tries to use a session that has expired already, right? There are lots of cases where some existing system invalidates user's session before Shiro, so I'd say this is valid.
          Hide
          lhazlewood Les Hazlewood added a comment -

          How is it possible that the Session is invalid before this filter is invoked?

          The ShiroFilter that constructs the Subject instance ensures the Session is valid before the rest of the filter chain executes.

          Are you calling httpSession.invalidate() before calling Subject.logout()?

          If so, that is not necessary - Subject.logout() will invalidate the session automatically.

          Show
          lhazlewood Les Hazlewood added a comment - How is it possible that the Session is invalid before this filter is invoked? The ShiroFilter that constructs the Subject instance ensures the Session is valid before the rest of the filter chain executes. Are you calling httpSession.invalidate() before calling Subject.logout()? If so, that is not necessary - Subject.logout() will invalidate the session automatically.

            People

            • Assignee:
              Unassigned
              Reporter:
              calvinxiu calvin xiu
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development