Expected behavior
Session should only be removed when logging out, or upon expiration.
Actual behavior
Because of a call to `session.stop()` in `src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java` (see uc-cdis@32e90bc#diff-2ab1eba233c07d9653dbc0312742cf31baea8a755f797445784064efa44f88f9L118-L122), the session is removed in endpoints where it should not (like /user/refresh).
Steps to reproduce behavior
Run latest webapi w/ openid for example. Any attempt to retrieve session information after the filter above has been triggered as part of a later /user/refresh will fail with `org.apache.shiro.subject.support.DisabledSessionException`. Try for example the following steps:
add some code like this to a custom filter that runs after UPDATE_TOKEN in the /user/refresh endpoint
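The failure mode reported in this issue can be reproduced with Shiro alone. The following is an added example, not WebAPI code and not the reporter's snippet. It assumes the request's Subject is built with session creation disabled (the page does not state how WebAPI configures this); the class name `StoppedSessionDemo`, the helper `sessionReadFails` and the `sample` attribute are hypothetical.

```java
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionContext;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.support.DisabledSessionException;

import java.io.Serializable;

// Hypothetical stand-alone demo; needs shiro-core on the classpath.
public class StoppedSessionDemo {

    // Returns true when reading session data fails with DisabledSessionException.
    static boolean sessionReadFails(Subject subject) {
        try {
            subject.getSession().getAttribute("sample"); // getSession() == getSession(true)
            return false;
        } catch (DisabledSessionException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = new DefaultSecurityManager(new SimpleAccountRealm());

        // Session that already exists from an earlier step (constructed sample data).
        Session existing = sm.start(new DefaultSessionContext());
        existing.setAttribute("sample", "constructed-value");
        Serializable id = existing.getId();

        // Assumption: the request's Subject may use a session but may not create one.
        Subject refresh = new Subject.Builder(sm)
                .session(existing).sessionCreationEnabled(false).buildSubject();
        System.out.println("before stop, read fails: " + sessionReadFails(refresh));

        // What the issue attributes to UpdateAccessTokenFilter: stopping the session.
        refresh.getSession(false).stop();
        System.out.println("same request, read fails: " + sessionReadFails(refresh));

        // A later request presenting the same session id finds no usable session.
        Subject later = new Subject.Builder(sm)
                .sessionId(id).sessionCreationEnabled(false).buildSubject();
        System.out.println("later request, read fails: " + sessionReadFails(later));
    }
}
```

Code that must tolerate a missing session can call `getSession(false)` and check for `null` instead of letting `getSession()` attempt a creation that is not permitted.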