This issue might be closely related to what Bernhard is seeing too. I don't know something about his post that sounds familiar, all dealing with SessionID.
"Do you have a test that can re-create the issue so I can troubleshoot? " Don't they all always ask that question. If I could isolate to that level, then I could debug and figure it out. Unfortunately, except for giving you our entire project (Which we can't, maybe one day we can fly you out to Vegas), there is no way to get to that level. I am sorry. I have though been debugging through Shiro code while the error occurs, and it is completely baffling. Basically what I have noticed that seemed interesting at the time. 1) Stepping through the DefaultWebSecurityManager where it tries to create a SubjectContext and getSessionId. The context's sessionId is being set to null, when the error occurs. However, in the DefaultSessionManager, it is somehow coming up with a SessionID. But never uses it to populate the SubjectContext. I am also wondering if my customization causes this in some odd way, but I have done so much that I am lost at what might have cause it. Here is my Spring configuration for SessionManager and SessionDAO So what that says to me, is that in all cases regarding Sessions, it will always only store in the cacheManager, which is our custom CacheManager which returns a custom Cache implementation which writes to Redis. Wait, thought Sessions themselves in this environment would be HttpSessions stored via Tomcat. So if I restart Tomcat, and there is a lingering cookie for sessionID in the browser for a previous session in the old run of Tomcat, then any attempt to look up that sessionID would result it not finding it in Tomcat. Then trying to look in the Cache for it. But in the cache/Redis that entry could be gone. Maybe because of a Time To live or something else. But I would also assume that if you can't find any sessionId in Tomcat or the cache that it would automatically generate a new SessionId and then just use that??? Just ideas. Mark -- View this message in context: http://shiro-user.582556.n2.nabble.com/SesionID-is-null-exception-tp7578406p7578415.html Sent from the Shiro User mailing list archive at Nabble.com.
