Just a quick update - things are going well with the final fix. I'll have this committed today. I'll have to merge in my branch to trunk at that point.
- Les On Tue, May 18, 2010 at 9:58 AM, Les Hazlewood (JIRA) <j...@apache.org> wrote: > > [ > https://issues.apache.org/jira/browse/SHIRO-164?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12868736#action_12868736 > ] > > Les Hazlewood commented on SHIRO-164: > ------------------------------------- > > Hi Guys, > > This is great feedback - thanks! Log messages and stack traces are > definitely better than none - don't apologize for that :) > > The solution in place has one issue that does not clean up session id cookies > properly after invalidation. I'll fix that now and then we should be done. > > Thanks again, > > Les > >> The request/response pair should be available at all times to web-related >> components >> ------------------------------------------------------------------------------------ >> >> Key: SHIRO-164 >> URL: https://issues.apache.org/jira/browse/SHIRO-164 >> Project: Shiro >> Issue Type: Bug >> Components: Session Management >> Reporter: Tauren Mills >> >> According to Les, for web-initiated interaction, you should not be seeing >> these messages: >> DEBUG - DefaultWebSessionManager - No request or response bound to >> the thread. Session ID cookie cannot be removed. This could occur in >> a web application that also services non web clients (e.g. RMI >> remoting). >> DEBUG - DefaultWebSessionManager - Request or response object is not >> bound to the thread. Assuming this session start activity is due to a >> non web request (possible in a web application that also services non >> web clients. >> Full thread available here, with logs: >> http://shiro-user.582556.n2.nabble.com/Intermittent-problems-with-SecurityUtils-getSubject-getPrincipal-td5067869.html#a5068081 > > -- > This message is automatically generated by JIRA. > - > You can reply to this email to add a comment to the issue online. > >
