You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Maarten Bosteels <mb...@gmail.com> on 2009/04/08 00:14:35 UTC
KiHttpSession.invalidate() doesn't seem to work
Hello,
I am trying out the spring-sample on trunk.
URL: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
Revision: 761927
* login as user1
* set value = ABC
* logout
* login as user2 (same browser)
=> I see the value saved by user1 (and the same session id)
I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
maven jetty:run
I added some logging in LoginController and LogoutController and this
is the output:
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.getCreationTime()=1239141131962
...
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session=org.apache.ki.web.servlet.KiHttpSession@46752d
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.getCreationTime()=1239141131962
private void logSession(String when, HttpServletRequest request) {
HttpSession session = request.getSession(false);
logger.info(when + ": session=" + session);
if (session != null) {
logger.info(when + ": session.id=" + session.getId());
logger.info(when + ": session.getCreationTime()=" +
session.getCreationTime());
}
}
By the way, I had to make some minor changes to
trunk/samples/spring/pom.xml before I could run the application:
--- pom.xml (revision 761927)
+++ pom.xml (working copy)
@@ -85,10 +85,12 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
+ <scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
@@ -98,6 +100,21 @@
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>hsqldb</groupId>
+ <artifactId>hsqldb</artifactId>
+ <version>${hsqldbVersion}</version>
+ <scope>runtime</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jstl</artifactId>
+ <version>1.2</version>
+ <scope>runtime</scope>
+ </dependency>
+
</dependencies>
regards,
Maarten
Re: KiHttpSession.invalidate() doesn't seem to work
Posted by Les Hazlewood <lh...@apache.org>.
Hi Maarten,
It looks like you found a bug that I introduced last week. But I've
committed a fix. Please update the trunk and try again. Thanks so much for
pointing this out!
Cheers,
Les
On Fri, Apr 17, 2009 at 7:02 PM, Les Hazlewood <lh...@apache.org>wrote:
> P.S. Thanks for the pom changes, they worked perfectly!
>
>
> On Fri, Apr 17, 2009 at 7:01 PM, Les Hazlewood <lh...@apache.org>wrote:
>
>> Hi Maarten,
>>
>> I finally had time to try this out. I do indeed see what you're
>> describing - it is probably an invalid cache configuration on my part. I'll
>> play with it a bit and see what I did wrong.
>>
>> Cheers,
>>
>> Les
>>
>>
>> On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <mbosteels.dns@gmail.com
>> > wrote:
>>
>>> Hello,
>>>
>>> I am trying out the spring-sample on trunk.
>>>
>>> URL:
>>> https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
>>> Revision: 761927
>>>
>>> * login as user1
>>> * set value = ABC
>>> * logout
>>> * login as user2 (same browser)
>>> => I see the value saved by user1 (and the same session id)
>>>
>>> I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
>>> maven jetty:run
>>>
>>> I added some logging in LoginController and LogoutController and this
>>> is the output:
>>>
>>> 2009-04-07 23:52:18,968 INFO
>>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>>> invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
>>> 2009-04-07 23:52:18,968 INFO
>>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>>> invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
>>> 2009-04-07 23:52:18,968 INFO
>>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>>> invalidated: session.getCreationTime()=1239141131962
>>> ...
>>> 2009-04-07 23:52:21,612 INFO
>>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>>> session=org.apache.ki.web.servlet.KiHttpSession@46752d
>>> 2009-04-07 23:52:21,612 INFO
>>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>>> session.id=27c182a9-093a-4d94-8525-89828c8f40fe
>>> 2009-04-07 23:52:21,612 INFO
>>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>>> session.getCreationTime()=1239141131962
>>>
>>> private void logSession(String when, HttpServletRequest request) {
>>> HttpSession session = request.getSession(false);
>>> logger.info(when + ": session=" + session);
>>> if (session != null) {
>>> logger.info(when + ": session.id=" + session.getId());
>>> logger.info(when + ": session.getCreationTime()=" +
>>> session.getCreationTime());
>>> }
>>> }
>>>
>>> By the way, I had to make some minor changes to
>>> trunk/samples/spring/pom.xml before I could run the application:
>>>
>>> --- pom.xml (revision 761927)
>>> +++ pom.xml (working copy)
>>> @@ -85,10 +85,12 @@
>>> <dependency>
>>> <groupId>org.slf4j</groupId>
>>> <artifactId>slf4j-log4j12</artifactId>
>>> + <scope>runtime</scope>
>>> </dependency>
>>> <dependency>
>>> <groupId>log4j</groupId>
>>> <artifactId>log4j</artifactId>
>>> + <scope>runtime</scope>
>>> </dependency>
>>> <dependency>
>>> <groupId>org.springframework</groupId>
>>> @@ -98,6 +100,21 @@
>>> <groupId>org.springframework</groupId>
>>> <artifactId>spring-webmvc</artifactId>
>>> </dependency>
>>> +
>>> + <dependency>
>>> + <groupId>hsqldb</groupId>
>>> + <artifactId>hsqldb</artifactId>
>>> + <version>${hsqldbVersion}</version>
>>> + <scope>runtime</scope>
>>> + </dependency>
>>> +
>>> + <dependency>
>>> + <groupId>javax.servlet</groupId>
>>> + <artifactId>jstl</artifactId>
>>> + <version>1.2</version>
>>> + <scope>runtime</scope>
>>> + </dependency>
>>> +
>>> </dependencies>
>>>
>>>
>>> regards,
>>> Maarten
>>>
>>
>>
>
Re: KiHttpSession.invalidate() doesn't seem to work
Posted by Les Hazlewood <lh...@apache.org>.
P.S. Thanks for the pom changes, they worked perfectly!
On Fri, Apr 17, 2009 at 7:01 PM, Les Hazlewood <lh...@apache.org>wrote:
> Hi Maarten,
>
> I finally had time to try this out. I do indeed see what you're describing
> - it is probably an invalid cache configuration on my part. I'll play with
> it a bit and see what I did wrong.
>
> Cheers,
>
> Les
>
>
> On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <mb...@gmail.com>wrote:
>
>> Hello,
>>
>> I am trying out the spring-sample on trunk.
>>
>> URL:
>> https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
>> Revision: 761927
>>
>> * login as user1
>> * set value = ABC
>> * logout
>> * login as user2 (same browser)
>> => I see the value saved by user1 (and the same session id)
>>
>> I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
>> maven jetty:run
>>
>> I added some logging in LoginController and LogoutController and this
>> is the output:
>>
>> 2009-04-07 23:52:18,968 INFO
>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>> invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
>> 2009-04-07 23:52:18,968 INFO
>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>> invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
>> 2009-04-07 23:52:18,968 INFO
>> [org.apache.ki.samples.spring.web.LogoutController] - after session
>> invalidated: session.getCreationTime()=1239141131962
>> ...
>> 2009-04-07 23:52:21,612 INFO
>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>> session=org.apache.ki.web.servlet.KiHttpSession@46752d
>> 2009-04-07 23:52:21,612 INFO
>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>> session.id=27c182a9-093a-4d94-8525-89828c8f40fe
>> 2009-04-07 23:52:21,612 INFO
>> [org.apache.ki.samples.spring.web.LoginController] - before login:
>> session.getCreationTime()=1239141131962
>>
>> private void logSession(String when, HttpServletRequest request) {
>> HttpSession session = request.getSession(false);
>> logger.info(when + ": session=" + session);
>> if (session != null) {
>> logger.info(when + ": session.id=" + session.getId());
>> logger.info(when + ": session.getCreationTime()=" +
>> session.getCreationTime());
>> }
>> }
>>
>> By the way, I had to make some minor changes to
>> trunk/samples/spring/pom.xml before I could run the application:
>>
>> --- pom.xml (revision 761927)
>> +++ pom.xml (working copy)
>> @@ -85,10 +85,12 @@
>> <dependency>
>> <groupId>org.slf4j</groupId>
>> <artifactId>slf4j-log4j12</artifactId>
>> + <scope>runtime</scope>
>> </dependency>
>> <dependency>
>> <groupId>log4j</groupId>
>> <artifactId>log4j</artifactId>
>> + <scope>runtime</scope>
>> </dependency>
>> <dependency>
>> <groupId>org.springframework</groupId>
>> @@ -98,6 +100,21 @@
>> <groupId>org.springframework</groupId>
>> <artifactId>spring-webmvc</artifactId>
>> </dependency>
>> +
>> + <dependency>
>> + <groupId>hsqldb</groupId>
>> + <artifactId>hsqldb</artifactId>
>> + <version>${hsqldbVersion}</version>
>> + <scope>runtime</scope>
>> + </dependency>
>> +
>> + <dependency>
>> + <groupId>javax.servlet</groupId>
>> + <artifactId>jstl</artifactId>
>> + <version>1.2</version>
>> + <scope>runtime</scope>
>> + </dependency>
>> +
>> </dependencies>
>>
>>
>> regards,
>> Maarten
>>
>
>
Re: KiHttpSession.invalidate() doesn't seem to work
Posted by Les Hazlewood <lh...@apache.org>.
Hi Maarten,
I finally had time to try this out. I do indeed see what you're describing
- it is probably an invalid cache configuration on my part. I'll play with
it a bit and see what I did wrong.
Cheers,
Les
On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <mb...@gmail.com>wrote:
> Hello,
>
> I am trying out the spring-sample on trunk.
>
> URL:
> https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
> Revision: 761927
>
> * login as user1
> * set value = ABC
> * logout
> * login as user2 (same browser)
> => I see the value saved by user1 (and the same session id)
>
> I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
> maven jetty:run
>
> I added some logging in LoginController and LogoutController and this
> is the output:
>
> 2009-04-07 23:52:18,968 INFO
> [org.apache.ki.samples.spring.web.LogoutController] - after session
> invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
> 2009-04-07 23:52:18,968 INFO
> [org.apache.ki.samples.spring.web.LogoutController] - after session
> invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
> 2009-04-07 23:52:18,968 INFO
> [org.apache.ki.samples.spring.web.LogoutController] - after session
> invalidated: session.getCreationTime()=1239141131962
> ...
> 2009-04-07 23:52:21,612 INFO
> [org.apache.ki.samples.spring.web.LoginController] - before login:
> session=org.apache.ki.web.servlet.KiHttpSession@46752d
> 2009-04-07 23:52:21,612 INFO
> [org.apache.ki.samples.spring.web.LoginController] - before login:
> session.id=27c182a9-093a-4d94-8525-89828c8f40fe
> 2009-04-07 23:52:21,612 INFO
> [org.apache.ki.samples.spring.web.LoginController] - before login:
> session.getCreationTime()=1239141131962
>
> private void logSession(String when, HttpServletRequest request) {
> HttpSession session = request.getSession(false);
> logger.info(when + ": session=" + session);
> if (session != null) {
> logger.info(when + ": session.id=" + session.getId());
> logger.info(when + ": session.getCreationTime()=" +
> session.getCreationTime());
> }
> }
>
> By the way, I had to make some minor changes to
> trunk/samples/spring/pom.xml before I could run the application:
>
> --- pom.xml (revision 761927)
> +++ pom.xml (working copy)
> @@ -85,10 +85,12 @@
> <dependency>
> <groupId>org.slf4j</groupId>
> <artifactId>slf4j-log4j12</artifactId>
> + <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>log4j</groupId>
> <artifactId>log4j</artifactId>
> + <scope>runtime</scope>
> </dependency>
> <dependency>
> <groupId>org.springframework</groupId>
> @@ -98,6 +100,21 @@
> <groupId>org.springframework</groupId>
> <artifactId>spring-webmvc</artifactId>
> </dependency>
> +
> + <dependency>
> + <groupId>hsqldb</groupId>
> + <artifactId>hsqldb</artifactId>
> + <version>${hsqldbVersion}</version>
> + <scope>runtime</scope>
> + </dependency>
> +
> + <dependency>
> + <groupId>javax.servlet</groupId>
> + <artifactId>jstl</artifactId>
> + <version>1.2</version>
> + <scope>runtime</scope>
> + </dependency>
> +
> </dependencies>
>
>
> regards,
> Maarten
>