[
https://issues.apache.org/jira/browse/SHIRO-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Demers closed SHIRO-580.
------------------------------
Resolution: Not A Bug
Lets move this discussion to the dev list:
http://shiro.apache.org/mailing-lists.html
At the same time, can you point us to some code? Github project or a little
Pseudo code?
> ShiroHttpServletRequest cached HttpSession
> ------------------------------------------
>
> Key: SHIRO-580
> URL: https://issues.apache.org/jira/browse/SHIRO-580
> Project: Shiro
> Issue Type: Bug
> Reporter: Wei Wang
>
> I try to implement sessionDao with redis
> but I found ShiroHttpServletRequest cached HttpSession
> when i login the system, for preventing session fixation attack, i call
> getSession().stop(), now the redis have no session information, then i call
> httpRequest.getSession(false), it will get the cached HttpSession that is not
> stored in redis. So the Exception will happened
> what should I do to avoid this ?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
