[SHIRO-580] ShiroHttpServletRequest cached HttpSession - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Bug
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

I try to implement sessionDao with redis

but I found ShiroHttpServletRequest cached HttpSession

when i login the system, for preventing session fixation attack, i call getSession().stop(), now the redis have no session information, then i call httpRequest.getSession(false), it will get the cached HttpSession that is not stored in redis. So the Exception will happened

what should I do to avoid this ?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Wei Wang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Aug/16 02:20

Updated:: 16/Aug/16 14:18

Resolved:: 16/Aug/16 14:18