Hi Les,
I think you got this. It seems to be the error scenario I am facing with
Vaadin too. I will try to find an simple example.
Thanks Eduard
On 21-Jan-13 23:11, Les Hazlewood wrote:
Hi John,
I *think* I might know how this might occur:
If you call logout() it terminates the backing session. If, later,
during the same thread execution (but before the response is
complete), a new subject instance is created or someone/something
attempts to create a new session using the session id of the session
that was just terminated, this exception would likely occur.
Most people issue a redirect immediately after calling
subject.logout() to ensure that potential things 'further down' the
stack don't attempt to use or create a new session.
Now, I don't know if this is exactly what is occurring in your case,
but it's a hunch. If anyone has a sample web app that can re-create
this, I can give it a more in-depth look as soon as I'm able.
HTH,
--
Les Hazlewood | @lhazlewood
CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
Stormpath wins GigaOM Structure Launchpad Award! http://bit.ly/MvZkMk
On Mon, Jan 21, 2013 at 10:25 AM, John Moore <[email protected]
<mailto:[email protected]>> wrote:
Still struggling with this. Forget what I said in the first post -
this is
completely reproducible in a new web application. It's some
interaction
between Shiro native sessions and Grails, which changed between
Grails 1.3.x
and Grails 2. In Grails 2, when native sessions are used,
SecurityUtils.getSubject().logout() causes the
UnknownSessionException when
the response is rendered. With Grails 1.3.x this works fine.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/What-might-cause-an-UnknownSessionException-tp7578179p7578187.html
Sent from the Shiro User mailing list archive at Nabble.com.
