Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.2.1, 1.2.2
-
None
-
None
-
jdk7
Description
I posted this in the user mailing list, but after some debugging I think it is a bug in shiro's native session management: It seems that the HttpSessionBindingListener that spring installs is not called on destroy, so Spring is not able to delete session-scoped beans.
From the mailing list post:
I'm having problems with session-scoped beans like this one
@Named
@Scope(proxyMode = ScopedProxyMode.TARGET_CLASS, value = "session")
public class SessionBean {
@PostConstruct
public void init()
@PreDestroy
public void destroy()
}
Using Shiro's default "ServletContainerSessionManager" both methods are called as expected, but when I switch to native session management with DefaultWebSessionManager the pre-destroy method is never called (post construct gets called). The validationScheduler runs, and the globalSessionTimeout has been set.
Anyone knows whats happening here ? I've uploaded a small example project as an attachement (just comment out the sessionManager in applicationContext.xml to see the working @PreDestroy).