JIRA posted: https://issues.apache.org/jira/browse/SHIRO-512
On Aug 7, 2014, at 11:10 AM, Lenny Primak wrote:

> Also, I am not using ShiroFilter, but as far as I can see it doesn't do a
> touch() on the session,
> so it shouldn't matter as far as I can see.
>
> Does anyone have any ideas?
>
> Thanks
>
> On Aug 7, 2014, at 1:47 AM, Lenny Primak wrote:
>
>> I am using Shiro 1.2.3
>>
>> I cannot find anywhere that Shiro uses HttpSessionListener to trap
>> sessionDestroyed event from the container.
>> I believe this is leading to a rare race condition in my application, as
>> Shiro thinks the session is still active,
>> but in reality, the web session has been destroyed.
>>
>> Am I missing something or is this a bug? Should I file a JIRA?
>>
>> Code: SecurityUtils.getSubject().getPrincipal();
>>
>> Relevant bit of stack trace:
>>
>> Caused by: org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: PWC2778: getAttribute: Session already invalidated
>>     at org.apache.shiro.web.session.HttpServletSession.getAttribute(HttpServletSession.java:148)
>>     at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121)
>>     at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469)
>>     at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153)
>>     at org.apache.shiro.subject.support.DelegatingSubject.getPrincipal(DelegatingSubject.java:149)
