Wei Wang created SHIRO-580:
------------------------------

             Summary: ShiroHttpServletRequest cached HttpSession
                 Key: SHIRO-580
                 URL: https://issues.apache.org/jira/browse/SHIRO-580
             Project: Shiro
          Issue Type: Bug
            Reporter: Wei Wang


I am trying to implement a sessionDao with Redis,

but I found that ShiroHttpServletRequest cached the HttpSession.

When I log in to the system, to prevent a session fixation attack, I call 
getSession().stop(). Now Redis has no session information. Then I call 
httpRequest.getSession(false), and it gets the cached HttpSession that is not 
stored in Redis. So an exception happens.

What should I do to avoid this?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
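
The stale-handle behaviour described in the report, as a small added model (not part of the original message and not Shiro's code). StaleSessionDemo, CachingRequest, STORE and getValidSession are hypothetical names, and an in-memory map stands in for the Redis-backed sessionDao.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

// Toy model (hypothetical names, not Shiro classes) of a request wrapper that
// caches its session handle while the session data lives in an external store.
public class StaleSessionDemo {
    // Stand-in for the Redis-backed sessionDao: session id -> attributes.
    static final Map<String, Map<String, Object>> STORE = new ConcurrentHashMap<>();

    static String createSession() {
        String id = UUID.randomUUID().toString();
        STORE.put(id, new ConcurrentHashMap<>());
        return id;
    }

    // Models the effect of stopping a session: its record leaves the store.
    static void stop(String id) { STORE.remove(id); }

    static class CachingRequest {
        private String cachedId;   // per-request cache of the session handle

        // Returns the cached id without consulting the store.
        String getSession(boolean create) {
            if (cachedId == null && create) cachedId = createSession();
            return cachedId;
        }

        // Guarded variant: drop the cached handle if the store no longer has it.
        String getValidSession(boolean create) {
            if (cachedId != null && !STORE.containsKey(cachedId)) cachedId = null;
            return getSession(create);
        }
    }

    public static void main(String[] args) {
        CachingRequest req = new CachingRequest();
        String preLogin = req.getSession(true);
        stop(preLogin);                            // session renewal at login

        String stale = req.getSession(false);      // cache is not consulted against the store
        System.out.println("stale handle returned: " + preLogin.equals(stale));
        System.out.println("backed by store:       " + STORE.containsKey(stale));

        String fresh = req.getValidSession(true);  // cache invalidated, new id issued
        System.out.println("id rotated:            " + !fresh.equals(preLogin));
        System.out.println("backed by store:       " + STORE.containsKey(fresh));
    }
}
```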