[SHIRO-374] Session Cookie will not be deleted on subjects logout - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Cannot Reproduce
Affects Version/s: 1.2.0
Fix Version/s: None
Component/s: Session Management, Subject
Labels:
None
Environment:
GF3.1.2, JSF

Description

Our web application initializes Shiro through an .ini file. Within the ini file we set the application cookie as following:

Cookie Management
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = AppCookie
cookie.secure = true
cookie.httpOnly = false
securityManager.sessionManager.sessionIdCookie = $cookie

Shiro runs in "native" session mode. When an user enters the application the MyCookie and an JSESSIONID cookie will be created. The session will be authenticated on subject.login(...). Everything works fine until the user log out and we call subject.logout() method.

It seems that the JSESSIONID cookie will not be deleted. The value of the cookie stays always the same, while the value(id) of our AppCookie always change. The problem is that the user get the same session again if he log in again. That means that the settings the user made before logout already exists on relogin.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

appcookies.png
13/Jul/12 04:08
23 kB
Sven Moschel

Activity

People

Assignee:: Unassigned

Reporter:: Sven Moschel

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jul/12 04:07

Updated:: 12/Apr/15 03:27

Resolved:: 24/Jul/12 21:28