You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Steve (JIRA)" <ji...@apache.org> on 2014/02/25 08:21:19 UTC

[jira] [Created] (SHIRO-486) HttpSessionBindingListener not called when session expires

Steve created SHIRO-486:
---------------------------

             Summary: HttpSessionBindingListener not called when session expires
                 Key: SHIRO-486
                 URL: https://issues.apache.org/jira/browse/SHIRO-486
             Project: Shiro
          Issue Type: Bug
          Components: Session Management
    Affects Versions: 1.2.2, 1.2.1
         Environment: jdk7 
            Reporter: Steve


I posted this in the user mailing list, but after some debugging I think it is a bug in shiro's native session management: It seems that the HttpSessionBindingListener  that spring installs is not called on destroy, so Spring is not able to delete session-scoped beans.

>From the mailing list post:

 I'm having problems with session-scoped beans like this one 
  
@Named 
@Scope(proxyMode = ScopedProxyMode.TARGET_CLASS, value = "session") 
public class SessionBean { 
  
    @PostConstruct 
    public void init() 
  
    @PreDestroy 
    public void destroy() 
} 
  
Using Shiro's default "ServletContainerSessionManager" both methods are called as expected, but when I switch to native session management with DefaultWebSessionManager the pre-destroy method is never called (post construct gets called). The validationScheduler runs, and the globalSessionTimeout has been set. 
  
Anyone knows whats happening here ? I've uploaded a small example project on http://ge.tt/8Co4haK1/v/0  (just comment out the sessionManager in applicationContext.xml to see the working @PreDestroy). 





--
This message was sent by Atlassian JIRA
(v6.1.5#6160)