[SHIRO-633] Remove HttpSession attributes when invalidated - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 1.4.0-RC2
Fix Version/s: None
Component/s: Session Management
Labels:
None
Environment:
4.11.9-1-ARCH x86_64 GNU/Linux

Description

When calling logout the HttpSession does not remove the attributes added throughout the session. This results in the HttpSession not being valid after the logout longer valid and the RAP application to wait forever, due to the HttpSessionBindingListener not being called.

The problem can be found in the RAP forum

Apache tomcat invalidate states that it should Invalidate the session and then unbind any objects bound to it.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Michael Pusterhofer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 22/Jul/17 09:57

Updated:: 23/Jul/17 17:33