1.异常信息
org.apache.shiro.session.ExpiredSessionException: Session with id [4608cc87-4f8f-4617-8e9c-6a31f5e68efb] has expired. Last access time: 19-11-29 上午9:32. Current time: 19-11-29 上午9:32. Session timeout is set to 0 seconds (0 minutes)
2.产生此异常的两种情况:
1.把sessionManager管理交给了shiro 指定本系统SESSIONID, 默认为: JSESSIONID 问题: 与SERVLET容器名冲突, 如JETTY, TOMCAT 等默认JSESSIONID, 当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失!
springboot解决方案
public SimpleCookie rememberMeCookie(){
SimpleCookie cookie = new SimpleCookie("sid"); // cookie的name,对应的默认是 JSESSIONID
cookie.setHttpOnly(true);
cookie.setPath("/"); // path为 / 用于多个系统共享JSESSIONID
cookie.setMaxAge(-1);
return cookie;
}
2.redisManager设置的超时时间和sessionManager设置的超时时间不相同会导致此异常
@Bean
public RedisManager redisManager() {
RedisManager redisManager = new RedisManager(); // crazycake 实现
redisManager.setHost("123.52.118.106:6379");
redisManager.setTimeout(1800000);
redisManager.setDatabase(0);
return redisManager;
}
@Bean
public SessionManager sessionManager(RedisSessionDAO redisSessionDAO){
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
sessionManager.setGlobalSessionTimeout(60); // 设置session超时
sessionManager.setDeleteInvalidSessions(true); // 删除无效session
sessionManager.setSessionIdCookie(cookie()); // 设置JSESSIONID
sessionManager.setSessionDAO(redisSessionDAO);
sessionManager.setSessionIdUrlRewritingEnabled(false);
sessionManager.setSessionIdCookieEnabled(true);
return sessionManager;
}
将redisManager.setTimeout(1800000);和sessionManager.setGlobalSessionTimeout(1800000);时间修改一致异常解决