Destroy SessionScoped CDI beans during Shiro logout

Question

The problem is that the session scoped beans are not destroyed before the session-timeout is reached.

Therefore I have two questions regarding the following logout procedure:

Is this the right way to use shiro logout (see logout() below)
What would be the proper way to destroy the CDI session-scoped beans during logout.

page.xhtml:

beans:

@Named
@SessionScoped
public class mySessionBean implements Serializable {
}

@Named
@SessionScoped
public class myOtherBean extends Observable implements Serializable {
    @Inject
    private Subject subject;

    public void logout(){

      subject.logout();

// this line throws the exception
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

      FacesContext.getCurrentInstance().getExternalContext()
            .redirect(servlet.getContextPath() + "/logout");
    }
}

shiro.ini:

[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
securityManager.sessionManager.sessionDAO = $sessionDAO
....
logout=org.apache.shiro.web.filter.authc.LogoutFilter
logout.redirectUrl = /login.xhtml

....
[urls]
/logout = logout

Exception:

The following exception is thrown when I call FacesContext.getCurrentInstance().getExternalContext().invalidateSession();

 java.lang.IllegalStateException:
 org.apache.shiro.session.UnknownSessionException:
 There is no session with id [e5939658-c033-4e67-984f-23cadfbc06fb]

Additional information: I am running Wildfly 8.2.0.Final.

Thanks.

Destroy SessionScoped CDI beans during Shiro logout

Answers (1)

Related Questions