Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.2.4
-
None
-
None
-
Linux, Multiple instance environment
Description
Multiple sessions are created when secureCookie = true and eventually deleted, getting UnknownSessionException when shiro is again trying to access the deleted session.
15:59:33,787 DEBUG [Thread-7] AbstractValidatingSessionManager:290 - Invalidated session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b] (expired)
15:59:33,787 DEBUG [Thread-5] DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [edd4b1fa-9b36-492a-a22a-b9f677487e0b]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)