Hi,

I am having a problem when re-logging in a user whose Shiro-managed session has expired. This issue (SHIRO-329) is supposed to be fixed in version 1.2.0, but I am still having this problem even in version 1.2.2.

Below is my test code snippet, which throws an UnknownSessionException.

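    import org.apache.shiro.SecurityUtils;
    import org.apache.shiro.authc.UsernamePasswordToken;
    import org.apache.shiro.config.IniSecurityManagerFactory;
    import org.apache.shiro.mgt.SecurityManager;
    import org.apache.shiro.subject.Subject;
    import org.apache.shiro.util.Factory;

    // Build the SecurityManager from the INI configuration on the classpath
    Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.conf");
    SecurityUtils.setSecurityManager(factory.getInstance());

    UsernamePasswordToken token = new UsernamePasswordToken("user", "pass");

    Subject subject = SecurityUtils.getSubject();
    subject.login(token);
    // Set the session timeout to 0 so that the session expires
    subject.getSession().setTimeout(0);
    System.out.println("user is authenticated:: " + subject.getSession().getId());

    subject = SecurityUtils.getSubject();
    subject.logout();
    //subject.login(token);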

UnknownSessionException is thrown both at subject.logout() and at the second login attempt (commented out). A quick debug showed me that the authentication happens correctly, but after that, when re-attaching some properties like host and session to the SubjectContext, it tries to load the previous invalidated/expired session and the exception is thrown.

Is there any workaround for this?

Thanks in advance.

Best Regards,
/Dewan
