I can't answer definitively without seeing source and stacktrace, but my suspicion is that you're using container sessions, and on the same page you're attempting to get a session-bound attribute.
Is this code intended to logout the user whenever they access the login page? I would suggest instead having an explicit logout url that performs the logout and then redirects to the login page. Or, at the very least, in your if statement there, doing a redirect to login rather than continuing to render the page (not sure if that's possible...haven't messed with jsp in awhile). On 06/21/2011 09:13 AM, pranay wrote: > Thanks again Jared. > > If you or someone else knows the answer to the problem mentioned at > http://shiro-user.582556.n2.nabble.com/help-when-I-login-secord-throws-getAttribute-Session-already-invalidated-td6233721.html > please do help. > > I am facing the same issue when calling the following logic in my > logout.jspx (error thrown is: java.lang.IllegalStateException: getAttribute: > Session already invalidated). Same error is thrown if I call > Subject.isAuthenticated(). It seems Shiro is not setting some expected > session attribute. > > <c:if test="${pageContext['request'].userPrincipal != null}"> > <jsp:scriptlet> > SecurityUtils.getSubject().logout(); > </jsp:scriptlet> > <util:panel id="title" title="Good Bye!"> > <div>You were successfully logged out.</div> > </util:panel> > </c:if> > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Newbie-question-on-Shiro-tp6499510p6500149.html > Sent from the Shiro User mailing list archive at Nabble.com.
