Just read my response and realized that I didn't explain the problem very well. I also misread your message, so ignore most of my last response.
When using container-backed sessions, subject.logout() will invalidate the current session (this is a good thing, you don't want it reused). However, you won't get a new session from the server (jetty, tomcat, whatever) until you submit a new request. So, if your logout page, after invalidating the current session, attempts to display some sort of information that it pulls from the session, it's going to throw this exception. My best advice here is, don't. Remove that information from the logout page. On 06/21/2011 09:22 AM, Jared Bunting wrote: > I can't answer definitively without seeing source and stacktrace, but my > suspicion is that you're using container sessions, and on the same page > you're attempting to get a session-bound attribute. > > Is this code intended to logout the user whenever they access the login > page? I would suggest instead having an explicit logout url that > performs the logout and then redirects to the login page. Or, at the > very least, in your if statement there, doing a redirect to login rather > than continuing to render the page (not sure if that's > possible...haven't messed with jsp in awhile). > > On 06/21/2011 09:13 AM, pranay wrote: >> Thanks again Jared. >> >> If you or someone else knows the answer to the problem mentioned at >> http://shiro-user.582556.n2.nabble.com/help-when-I-login-secord-throws-getAttribute-Session-already-invalidated-td6233721.html >> please do help. >> >> I am facing the same issue when calling the following logic in my >> logout.jspx (error thrown is: java.lang.IllegalStateException: getAttribute: >> Session already invalidated). Same error is thrown if I call >> Subject.isAuthenticated(). It seems Shiro is not setting some expected >> session attribute. >> >> <c:if test="${pageContext['request'].userPrincipal != null}"> >> <jsp:scriptlet> >> SecurityUtils.getSubject().logout(); >> </jsp:scriptlet> >> <util:panel id="title" title="Good Bye!"> >> <div>You were successfully logged out.</div> >> </util:panel> >> </c:if> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Newbie-question-on-Shiro-tp6499510p6500149.html >> Sent from the Shiro User mailing list archive at Nabble.com.
