[jira] [Comment Edited] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.

sreenivas Harshith (JIRA) Tue, 21 Feb 2017 05:05:30 -0800

    [ 
https://issues.apache.org/jira/browse/SHIRO-613?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15875930#comment-15875930
 ]


sreenivas Harshith edited comment on SHIRO-613 at 2/21/17 1:04 PM:
-------------------------------------------------------------------

[~bdemers]


Found the Issue. The issue was with this SecurityUtils.getSubject() method I 
used to acquire the current executing user. This method uses ThreadContext and 
I guess the subject is getting shared across threads as I am Using TomEE With 
Http-Nio. After I login some 5 times, the next call to login again 
SecurityUtils.getSubject().IsAuthenticated() returns true even before I call 
this  login(token); and when i check the principals its the same User. I 
changed it to 
Subject currentUser = new Subject.Builder().buildSubject();
After this change I am getting unique Session Id for each login Attempt and 
even if some sessions are expired its not complaining.



was (Author: sreenivash09):
[~bdemers]




> StoppedSessionException: Session with id has been explicitly stopped.  No 
> further interaction under this session is allowed.
> ----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-613
>                 URL: https://issues.apache.org/jira/browse/SHIRO-613
>             Project: Shiro
>          Issue Type: Bug
>          Components: Authentication (log-in), Session Management
>    Affects Versions: 1.3.2
>            Reporter: sreenivas Harshith
>              Labels: Sessiontimeout, StoppedSessionException, login, session
>
> I am using default shiro native session manager and Session DAO backed by Db 
> store for storing sessions. I have set the session timeout to 10 min and I 
> have the same user login multiple times, say 8 times. Once the session is 
> expired I tried to login with same user credentials from a different client 
> and shiro is calling this delete(Session sn) method implemented in my DAO to 
> delete those old sessions that are expired. Once the deletion is completed it 
> throws an exception with the deleted Session id saying 
> org.apache.shiro.session.StoppedSessionException: Session with id 
> [a9dd97a1-90d4-435c-b363-f74052dfa0dc] has been explicitly stopped.  No 
> further interaction under this session is allowed, and  it fails to login the 
> user.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Comment Edited] (SHIRO-613) StoppedSessionException: Session with id has been explicitly stopped. No further interaction under this session is allowed.

Reply via email to