[jira] [Commented] (SHIRO-298) LogoutFilter should catch the InvalidSessionException

Les Hazlewood (JIRA) Fri, 20 May 2011 11:43:31 -0700

    [ 
https://issues.apache.org/jira/browse/SHIRO-298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13036994#comment-13036994
 ]


Les Hazlewood commented on SHIRO-298:
-------------------------------------

How is it possible that the Session is invalid before this filter is invoked?

The ShiroFilter that constructs the Subject instance ensures the Session is 
valid before the rest of the filter chain executes.

Are you calling httpSession.invalidate() before calling Subject.logout()?

If so, that is not necessary - Subject.logout() will invalidate the session 
automatically.

> LogoutFilter should catch the  InvalidSessionException 
> -------------------------------------------------------
>
>                 Key: SHIRO-298
>                 URL: https://issues.apache.org/jira/browse/SHIRO-298
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.2.0
>            Reporter: calvin xiu
>            Priority: Minor
>
> Should catch InvalidSessionException for session timeout problem.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (SHIRO-298) LogoutFilter should catch the InvalidSessionException

Reply via email to