You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by NabbleSometimesSucks <bi...@yahoo.com> on 2013/06/20 01:48:25 UTC
Restarting Tomcat, user no longer logged in, but there is still the
JSESSIONID cookie
So I know this used to work, but now it isn't
Basically, I login to my webapp. I get the JSESSIONID cookie on my browser.
I stop the web container then restart it. The page is refreshed and shows
that the user is not logged in. but the JSESSIONID cookie is still showing
up
<http://shiro-user.582556.n2.nabble.com/file/n7578858/Screen_Shot_2013-06-19_at_4.46.53_PM.png>
That cookie should no longer be there. And I am NOT using rememberMe.
Thanks
Mark
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Restarting-Tomcat-user-no-longer-logged-in-but-there-is-still-the-JSESSIONID-cookie-tp7578858.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Restarting Tomcat, user no longer logged in, but there is still
the JSESSIONID cookie
Posted by Nagaraju Kurma <na...@enhancesys.com>.
how to redirect to previous activity page once the user logged in after
session timeout in apache shiro
On Sat, Jun 22, 2013 at 5:38 AM, NabbleSometimesSucks <
bigtrashcaninthesky@yahoo.com> wrote:
> Thanks, but it should remove because of the refresh and that they are no
> longer logged in. If they were logged in the top image would show the
> username and a logout link. like
>
> <
> http://shiro-user.582556.n2.nabble.com/file/n7578869/Screen_Shot_2013-06-21_at_5.05.10_PM.png
> >
>
>
> And on the server side there is the exception
> with now this sessionID (this is a day later so the image in my OP was a
> different login.
>
> <
> http://shiro-user.582556.n2.nabble.com/file/n7578869/Screen_Shot_2013-06-21_at_5.06.52_PM.png
> >
>
>
>
>
>
> Thanks for you help
>
> Mark
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/Restarting-Tomcat-user-no-longer-logged-in-but-there-is-still-the-JSESSIONID-cookie-tp7578858p7578869.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
--
Regards,****
Nagaraju.
Re: Restarting Tomcat, user no longer logged in, but there is still
the JSESSIONID cookie
Posted by NabbleSometimesSucks <bi...@yahoo.com>.
Thanks, but it should remove because of the refresh and that they are no
longer logged in. If they were logged in the top image would show the
username and a logout link. like
<http://shiro-user.582556.n2.nabble.com/file/n7578869/Screen_Shot_2013-06-21_at_5.05.10_PM.png>
And on the server side there is the exception
with now this sessionID (this is a day later so the image in my OP was a
different login.
<http://shiro-user.582556.n2.nabble.com/file/n7578869/Screen_Shot_2013-06-21_at_5.06.52_PM.png>
Thanks for you help
Mark
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Restarting-Tomcat-user-no-longer-logged-in-but-there-is-still-the-JSESSIONID-cookie-tp7578858p7578869.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Restarting Tomcat, user no longer logged in, but there is still
the JSESSIONID cookie
Posted by Les Hazlewood <lh...@apache.org>.
Hi Mark,
The JSESSIONID cookie is stored in the browser - restarting a web
container has no effect on whether that cookie will exist on the
browser or not.
If you're using Shiro's native session clustering, then the Sessions
are persisted in your session store and will still be available after
container restarts. This is by design to ensure that when a web node
in a cluster dies, it does not remove the session so it can be used on
another node.
If you're not using Shiro's native sessions, and you haven't clustered
your web container, then you should see the JSESSIONID cookie be
replaced with a new one on container restart.
HTH,
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
On Wed, Jun 19, 2013 at 4:48 PM, NabbleSometimesSucks
<bi...@yahoo.com> wrote:
> So I know this used to work, but now it isn't
>
> Basically, I login to my webapp. I get the JSESSIONID cookie on my browser.
>
> I stop the web container then restart it. The page is refreshed and shows
> that the user is not logged in. but the JSESSIONID cookie is still showing
> up
>
> <http://shiro-user.582556.n2.nabble.com/file/n7578858/Screen_Shot_2013-06-19_at_4.46.53_PM.png>
>
> That cookie should no longer be there. And I am NOT using rememberMe.
>
> Thanks
>
> Mark
>
>
>
> --
> View this message in context: http://shiro-user.582556.n2.nabble.com/Restarting-Tomcat-user-no-longer-logged-in-but-there-is-still-the-JSESSIONID-cookie-tp7578858.html
> Sent from the Shiro User mailing list archive at Nabble.com.