Hi Didier, This is very strange indeed - I've never seen it before.
Are you using shiro's native sessions? Or the default servlet container sessions? Can we see your shiro configuration (e.g. shiro.ini or other similar mechanism)? Or, it would be easiest if you could create an extremely simple webapp (.war file) and attach it to a Jira issue. Then we could test it out for ourselves and use a debugger. I'm very happy to help - it just that a test .war would help us get an answer much faster. Cheers, Les On Sun, Aug 8, 2010 at 12:06 PM, dbathily <[email protected]> wrote: > > Hello > > I try to use shiro to secure a gwt application. I meets a very strange > problem, probably a bug. For simple testing, I created a servlet with only > this code. > > public void service(ServletRequest request, ServletResponse response) > throws ServletException, IOException { > logger.debug(request.getParameter("username")); > logger.debug(request.getParameter("password")); > > Subject currentUser = SecurityUtils.getSubject(); > > logger.debug(currentUser.getSession().getId()); > if(!currentUser.isAuthenticated()) { > logger.debug("User is not authenticated. Try to > authenticate"); > UsernamePasswordToken token = new > UsernamePasswordToken("admin", > "admin"); > currentUser.login(token); > } > logger.debug("Is user authenticated ?" + > currentUser.isAuthenticated()); > logger.debug(currentUser.getPrincipal()); > logger.debug(currentUser.getSession().getId()); > } > > When I call the servlet directly, authentication succeed but it is not > persisted. currentUser.isAuthenticated() is always false in other call. Here > are 2 logs for this > > http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-1-log.txt > direct-call-1-log.txt > http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-2-log.txt > direct-call-2-log.txt > > I notice that the session id change for each request. On the other side, > when I pass through a jsp which contains a form, Authentication is > persisted. Here are the logs > > http://shiro-user.582556.n2.nabble.com/file/n5386790/form-call-1-log.txt > form-call-1-log.txt > http://shiro-user.582556.n2.nabble.com/file/n5386790/direct-call-3-log.txt > direct-call-3-log.txt > > Someone understand why this happen? > Thank you for your help > > Didier Bathily > PS: Sorry for my English, i'm French ;) > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Login-not-persisted-in-session-tp5386790p5386790.html > Sent from the Shiro User mailing list archive at Nabble.com. >
