[ https://issues.apache.org/jira/browse/SHIRO-374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Les Hazlewood closed SHIRO-374.
-------------------------------

> Session Cookie will not be deleted on subjects logout
> -----------------------------------------------------
>
>                 Key: SHIRO-374
>                 URL: https://issues.apache.org/jira/browse/SHIRO-374
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management, Subject
>    Affects Versions: 1.2.0
>         Environment: GF3.1.2, JSF
>            Reporter: Sven Moschel
>         Attachments: appcookies.png
>
>
> Our web application initializes Shiro through an .ini file. Within the ini 
> file we set the application cookie as follows:
> # Cookie Management
> cookie = org.apache.shiro.web.servlet.SimpleCookie
> cookie.name = AppCookie
> cookie.secure = true
> cookie.httpOnly = false
> securityManager.sessionManager.sessionIdCookie = $cookie
> Shiro runs in "native" session mode. When a user enters the application the 
> MyCookie and a JSESSIONID cookie will be created. The session will be 
> authenticated on subject.login(...). Everything works fine until the user logs 
> out and we call the subject.logout() method. 
> It seems that the JSESSIONID cookie will not be deleted. The value of the 
> cookie always stays the same, while the value (id) of our AppCookie always 
> changes. The problem is that the user gets the same session again if he logs in 
> again. That means that the settings the user made before logout already 
> exist on relogin.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
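
The symptom in the report (JSESSIONID keeps its value across logout while AppCookie changes) can be checked mechanically by comparing the cookies held before logout, the Set-Cookie headers of the logout response, and the cookies held after the next login. The Python below is an added example, not part of the original message or of Shiro; the function names, cookie values and the logout header are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def tells_client_to_delete(attrs, now):
    """Max-Age wins over Expires (RFC 6265); unparseable values count as not deleted."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        pass
    return False

def audit_logout(before, logout_set_cookie, after_relogin, now=None):
    """For each cookie held before logout, report whether the logout response
    expired it and whether its value was reused after the next login."""
    now = now or datetime.now(timezone.utc)
    deleted = {name for name, _, attrs in map(parse_set_cookie, logout_set_cookie)
               if tells_client_to_delete(attrs, now)}
    findings = {}
    for name, old_value in before.items():
        new_value = after_relogin.get(name)
        if new_value == old_value:
            status = "reused"    # same identifier still presented after logout
        elif new_value is None:
            status = "removed"
        else:
            status = "rotated"
        findings[name] = {"status": status, "expired_at_logout": name in deleted}
    return findings

# Constructed sample mirroring the report: AppCookie changes, JSESSIONID does not.
BEFORE = {"AppCookie": "1f3c-constructed", "JSESSIONID": "9ab7-constructed"}
LOGOUT_SET_COOKIE = ["AppCookie=deleteMe; Path=/; Max-Age=0; "
                     "Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure"]
AFTER_RELOGIN = {"AppCookie": "77d0-constructed", "JSESSIONID": "9ab7-constructed"}

if __name__ == "__main__":
    for name, finding in audit_logout(BEFORE, LOGOUT_SET_COOKIE, AFTER_RELOGIN).items():
        print(name, finding)
```

Any cookie reported as "reused" with expired_at_logout False is a session identifier that survived logout, which is the behaviour the reporter describes for JSESSIONID.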
