We would need to see a little more code, and ideally the full stacktrace to judge what is going on.
My guess though is you have invalidated the session (for example on a logout) and are trying to create a new session. Normally you shouldn't need to handle any of this type of logic (Shiro does all of this for you in the ShiroFilter), but we would need more details to see what is going on. -Brian On Tue, Feb 11, 2020 at 5:55 AM Joud Kassem <[email protected]> wrote: > Hi all, > > I'm getting this strange error on: > "org.apache.shiro.session.InvalidSessionException: > java.lang.IllegalStateException: getAttribute: Session already invalidated" > > on: > > HttpSessionManager.sessionCreated(session, SecurityUtils.subject.principal) > > The error comes from SecurityUtils.subject.principal > The attribute that's causing the error > is > org.apache.shiro.subject.support.DelegatingSubject.RUN_AS_PRINCIPALS_SESSION_KEY > > Any idea why? > > Thanks in advance, > Joud > >
