Can you create a test case to verify this? If so, then this is a bug and should be fixed immediately.
However if you look at the DefaultSecurityManager.logout implementation, it definitely does call stopSession. Sounds a little weird - can you demonstrate this in a test case? It could be as easy as creating a mock SessionDAO and asserting that its delete method was called. In any event, if you still do not see the session being deleted, please open a Jira issue. Les On Thu, Jun 17, 2010 at 3:43 PM, enabler <[email protected]> wrote: > > So I ran the trace in debug and got following trace: > - [Thread: qtp0-4]18:07:56.774 DEBUG > [org.apache.shiro.session.mgt.AbstractSessionManager] Stopping session with > id [1276812180204] > > <!--- This is line is from my update(Session session) code ---> > - [Thread: qtp0-4]18:07:56.774 INFO [mypkg.SessionDAO] >>> updateSession > id: 1276812180204 > <!--- This is line is from my update(Session session) code ---> > > - [Thread: qtp0-4]18:07:56.899 DEBUG > [org.apache.shiro.web.attr.CookieAttribute] Not value found in request > Cookies under cookie name [JSESSIONID] > - [Thread: qtp0-4]18:07:56.899 DEBUG > [org.apache.shiro.web.attr.CookieAttribute] Not value found in request > Cookies under cookie name [rememberMe] > - [Thread: qtp0-12]18:07:56.899 DEBUG > [org.apache.shiro.web.attr.CookieAttribute] Not value found in request > Cookies under cookie name [JSESSIONID] > - [Thread: qtp0-12]18:07:56.899 DEBUG > [org.apache.shiro.session.mgt.DefaultSessionManager] Creating new EIS > record for new session instance [ sessio > > So I do see calls being made to AbstractSessionManager > (AbstractNativeSessionManager) and my update code but it never calls the > delete(). And but ofcourse, it doesn't delete the record from DB backend. > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Unable-to-implement-create-read-update-session-tp5183219p5193282.html > Sent from the Shiro User mailing list archive at Nabble.com. >
