https://issues.apache.org/bugzilla/show_bug.cgi?id=57527
--- Comment #3 from Konstantin Kolinko <knst.koli...@gmail.com> --- Request and Response objects must not be accessed outside of request processing cycle. > org.apache.shiro.web.mgt.CookieRememberMeManager.forgetIdentity(CookieRememberMeManager.java:288) > ~[shiro-web-1.2.2.jar:1.2.2] http://svn.apache.org/viewvc/shiro/tags/shiro-root-1.2.2/web/src/main/java/org/apache/shiro/web/mgt/CookieRememberMeManager.java?view=markup#l288 [[[ 273 public void forgetIdentity(SubjectContext subjectContext) { 274 if (WebUtils.isHttp(subjectContext)) { 275 HttpServletRequest request = WebUtils.getHttpRequest(subjectContext); 276 HttpServletResponse response = WebUtils.getHttpResponse(subjectContext); 277 forgetIdentity(request, response); 278 } 279 } ]]] As SubjectContext stores a request and response pair, you must never pass this object to a different thread, you must never store it for longer than duration of a single request. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org