https://issues.apache.org/bugzilla/show_bug.cgi?id=57527
--- Comment #4 from rayeas...@163.com --- Thank you Konstantin, this code snippet explains the principle very well. (In reply to Konstantin Kolinko from comment #3) > Request and Response objects must not be accessed outside of request > processing cycle. > > > org.apache.shiro.web.mgt.CookieRememberMeManager.forgetIdentity(CookieRememberMeManager.java:288) > > ~[shiro-web-1.2.2.jar:1.2.2] > > http://svn.apache.org/viewvc/shiro/tags/shiro-root-1.2.2/web/src/main/java/ > org/apache/shiro/web/mgt/CookieRememberMeManager.java?view=markup#l288 > > [[[ > 273 public void forgetIdentity(SubjectContext subjectContext) { > 274 if (WebUtils.isHttp(subjectContext)) { > 275 HttpServletRequest request = WebUtils.getHttpRequest(subjectContext); > 276 HttpServletResponse response = WebUtils.getHttpResponse(subjectContext); > 277 forgetIdentity(request, response); > 278 } > 279 } > ]]] > > As SubjectContext stores a request and response pair, you must never pass > this object to a different thread, you must never store it for longer than > duration of a single request. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org