Are you creating a new security manager for each request?
I’m not sure how you are using this logic, but you should let Shiro do all of this for you (via the ShiroFilter). -Brian > On Mar 1, 2020, at 2:43 PM, tommyhp2 <[email protected]> wrote: > > Hi Brian, > > Thanks for the prompt feedback. Here's the code I used to check for the > session: > > https://pastebin.com/F5SMmLpq > > The shiro.ini is very basic and minimal: > > [main] > [users] > [roles] > [urls] > /** = anon > > Most of the content (99%) in shiro.ini are comments and examples as notes > for future implementation of authentication and authorization. > > > > -- > Sent from: http://shiro-user.582556.n2.nabble.com/
