Almost everything works good - user can log in and log out. But when he tries to log in again (immediately after logging out and redirecting to login page) the popup appears
Session Expired Take note of any unsaved data, and click here or press ESC key to continue.
Actually, every user action on login page causes this message and elements don’t work on this page (for example, click listener of login button is not called when user presses this button).
I use pretty standard way to handle user session with
Apache Shiro . This one for log in:
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(new UsernamePasswordToken(event.getLogin(), event.getPassword()));
and this one for logging out:
Subject currentUser = SecurityUtils.getSubject();
currentUser.logout();
How should I handle vaadin session in order to prevent this popup? Maybe I missed some additional steps?
I know nothing about Shiro but what I’m guessing is that you’re not redirecting/reloading the Page after the Session is expired.
In normal Vaadin you should do a Page.reload() or a Page.setLocation(“”) or similar after invalidating the Session.
The errors/exceptions mean that the UI is trying to access a Session which is no longer available…because you/Shiro invalidated it.