Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-633

Remove HttpSession attributes when invalidated

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.4.0-RC2
    • Fix Version/s: None
    • Component/s: Session Management
    • Labels:
      None
    • Environment:
      4.11.9-1-ARCH x86_64 GNU/Linux

      Description

      When calling logout the HttpSession does not remove the attributes added throughout the session. This results in the HttpSession not being valid after the logout longer valid and the RAP application to wait forever, due to the HttpSessionBindingListener not being called.

      The problem can be found in the RAP forum

      Apache tomcat invalidate states that it should Invalidate the session and then unbind any objects bound to it.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              feanor12 Michael Pusterhofer
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: