I'm seeing an exception when users log out of my Wicket application. It
seems that the session is being looked up again after it has already been
removed. See the exception below.
This was not happening when using Wicket 1.4.6, but when I upgrade to 1.4.15
I am getting exceptions. I have confirmed that simply changing wicket
versions makes the problem go away or start happening -- no other changes
are made to the app except upgrading Wicket.
I have this logic in my AuthenticatedSession class (extends wicket's
WebSession) that is called when a user requests to log out:
public boolean logout() {
log.info("Member logout:
"+SecurityUtils.getSubject().getPrincipal());
SecurityUtils.getSubject().logout();
if (SecurityUtils.getSubject().isAuthenticated())
dirty();
else
invalidate();
return true;
}
I can't even remember now why I have that isAuthenticated() test and logic
in there. At some point it must have done something, but maybe all I need
now is just:
SecurityUtils.getSubject().logout();
When I remove the if/then clause, I no longer get an exception. But I'm
confused why upgrading Wicket would cause this to happen, as it seems
unrelated.
Any thoughts on what's going on here?
Tauren
2011-02-08 00:58:06,478 WARN - AbstractHttpSessionStore - Error while
invalidating Session Store: Session already invalidated
java.lang.IllegalStateException:
org.apache.shiro.session.UnknownSessionException: There is no session with
id [939f87f4-ee49-4347-944c-82e5cb95bebb]
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:133)
at
org.apache.wicket.protocol.http.AbstractHttpSessionStore.invalidate(AbstractHttpSessionStore.java:210)
at org.apache.wicket.Session.invalidateNow(Session.java:882)
at org.apache.wicket.Session.detach(Session.java:1196)
at com.sprtz.web.AuthenticatedSession.detach(AuthenticatedSession.java:72)
at org.apache.wicket.RequestCycle.threadDetach(RequestCycle.java:1481)
at org.apache.wicket.RequestCycle.detach(RequestCycle.java:1218)
at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1462)
at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
at
org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:486)
at
org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:319)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:359)
at
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:275)
at
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:344)
at
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:272)
at
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:81)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at
org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1088)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360)
at
org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:729)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:324)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:505)
at
org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:829)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:513)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:211)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:380)
at
org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
at
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
Caused by: org.apache.shiro.session.UnknownSessionException: There is no
session with id [939f87f4-ee49-4347-944c-82e5cb95bebb]
at
org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
at
org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
at
org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:109)
at
org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:206)
at
org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141)
at
org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
at
org.apache.shiro.web.servlet.ShiroHttpSession.getAttribute(ShiroHttpSession.java:131)
... 38 more
