You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Brian Demers (JIRA)" <ji...@apache.org> on 2016/08/16 14:19:22 UTC

[jira] [Closed] (SHIRO-580) ShiroHttpServletRequest cached HttpSession

     [ https://issues.apache.org/jira/browse/SHIRO-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Demers closed SHIRO-580.
------------------------------
    Resolution: Not A Bug

Lets move this discussion to the dev list: http://shiro.apache.org/mailing-lists.html

At the same time, can you point us to some code? Github project or a little Pseudo code?

> ShiroHttpServletRequest cached HttpSession
> ------------------------------------------
>
>                 Key: SHIRO-580
>                 URL: https://issues.apache.org/jira/browse/SHIRO-580
>             Project: Shiro
>          Issue Type: Bug
>            Reporter: Wei Wang
>
> I try to implement sessionDao with redis
> but I found ShiroHttpServletRequest cached HttpSession
> when i login the system, for preventing session fixation attack, i call getSession().stop(), now the redis have no session information, then i call httpRequest.getSession(false), it will get the cached HttpSession that is not stored in redis.  So the Exception will happened
> what should I do to avoid this ?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)