When a subject logs out, Shiro stops the session automatically. Whenever the session is stopped, or it is found to be expired during validation (either via lookup of an expired session, or during periodic validation by the SessionValidationScheduler), it will by default, automatically be deleted from the data store.
See the DefaultSessionManager#isDeleteInvalidSessions JavaDoc. You can trace this logic and see it work by tracing code starting at AbstractNativeSessionManager#stop(SessionKey). You will see that it eventually calls the sessionDAO.delete method in the DefaultSessionManager implementation. Regards, Les On Thu, Jun 17, 2010 at 2:05 PM, enabler <[email protected]> wrote: > > Ok. I got my session create/read/update working via DB backend. However, I > noticed that delete never gets called, even when you invoke > SecurityUtils.getSubject().logout(). What else do I need to do to invoke > delete()? > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Unable-to-implement-create-read-update-session-tp5183219p5192882.html > Sent from the Shiro User mailing list archive at Nabble.com. >
