Steve created SHIRO-486:
---------------------------
Summary: HttpSessionBindingListener not called when session expires
Key: SHIRO-486
URL: https://issues.apache.org/jira/browse/SHIRO-486
Project: Shiro
Issue Type: Bug
Components: Session Management
Affects Versions: 1.2.2, 1.2.1
Environment: jdk7
Reporter: Steve
I posted this in the user mailing list, but after some debugging I think it is
a bug in shiro's native session management: It seems that the
HttpSessionBindingListener that spring installs is not called on destroy, so
Spring is not able to delete session-scoped beans.
>From the mailing list post:
I'm having problems with session-scoped beans like this one
@Named
@Scope(proxyMode = ScopedProxyMode.TARGET_CLASS, value = "session")
public class SessionBean {
@PostConstruct
public void init()
@PreDestroy
public void destroy()
}
Using Shiro's default "ServletContainerSessionManager" both methods are called
as expected, but when I switch to native session management with
DefaultWebSessionManager the pre-destroy method is never called (post construct
gets called). The validationScheduler runs, and the globalSessionTimeout has
been set.
Anyone knows whats happening here ? I've uploaded a small example project on
http://ge.tt/8Co4haK1/v/0 (just comment out the sessionManager in
applicationContext.xml to see the working @PreDestroy).
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
