You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/08/16 14:19:22 UTC
[jira] [Closed] (SHIRO-580) ShiroHttpServletRequest cached
HttpSession
[ https://issues.apache.org/jira/browse/SHIRO-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Demers closed SHIRO-580.
------------------------------
Resolution: Not A Bug
Lets move this discussion to the dev list: http://shiro.apache.org/mailing-lists.html
At the same time, can you point us to some code? Github project or a little Pseudo code?
> ShiroHttpServletRequest cached HttpSession
> ------------------------------------------
>
> Key: SHIRO-580
> URL: https://issues.apache.org/jira/browse/SHIRO-580
> Project: Shiro
> Issue Type: Bug
> Reporter: Wei Wang
>
> I try to implement sessionDao with redis
> but I found ShiroHttpServletRequest cached HttpSession
> when i login the system, for preventing session fixation attack, i call getSession().stop(), now the redis have no session information, then i call httpRequest.getSession(false), it will get the cached HttpSession that is not stored in redis. So the Exception will happened
> what should I do to avoid this ?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)