getAttribute: Session already invalidated

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

getAttribute: Session already invalidated

Joud Kassem
Hi all,

I'm getting this strange error on:
  "org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated" 

on: 
HttpSessionManager.sessionCreated(session, SecurityUtils.subject.principal)
The error comes from SecurityUtils.subject.principal  
The attribute that's causing the error is org.apache.shiro.subject.support.DelegatingSubject.RUN_AS_PRINCIPALS_SESSION_KEY

Any idea why?

Thanks in advance,
Joud

Reply | Threaded
Open this post in threaded view
|

Re: getAttribute: Session already invalidated

Brian Demers
We would need to see a little more code, and ideally the full stacktrace to judge what is going on.

My guess though is you have invalidated the session (for example on a logout) and are trying to create a new session.
Normally you shouldn't need to handle any of this type of logic (Shiro does all of this for you in the ShiroFilter), but we would need more details to see what is going on.

-Brian

On Tue, Feb 11, 2020 at 5:55 AM Joud Kassem <[hidden email]> wrote:
Hi all,

I'm getting this strange error on:
  "org.apache.shiro.session.InvalidSessionException: java.lang.IllegalStateException: getAttribute: Session already invalidated" 

on: 
HttpSessionManager.sessionCreated(session, SecurityUtils.subject.principal)
The error comes from SecurityUtils.subject.principal  
The attribute that's causing the error is org.apache.shiro.subject.support.DelegatingSubject.RUN_AS_PRINCIPALS_SESSION_KEY

Any idea why?

Thanks in advance,
Joud