之前遇到一个问题,用户登录之后存放在session通过Subject是那不到的,搞了2天才搞明白,下面看一下主要代码:
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="name" value="JESSIONID" />
<property name="path" value="/" />
</bean>
这个bean的作用是创建Cookie用的,在DefaultWebSessionManager中,使用到了这个<span style="font-family: Arial, Helvetica, sans-serif;">Cookie,需要把这个</span><span style="font-family: Arial, Helvetica, sans-serif;">sessionIdCookie注入到</span><span style="font-family: Arial, Helvetica, sans-serif;">DefaultWebSessionManager中,看代码:</span>
<span style="font-family: Arial, Helvetica, sans-serif;"></span><pre name="code" class="java"><!-- 会话管理器 -->
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="globalSessionTimeout" value="3600000" />
<property name="deleteInvalidSessions" value="true" />
<property name="sessionValidationSchedulerEnabled" value="true" />
<property name="sessionValidationInterval" value="10000"/>
<property name="cacheManager" ref="shiroCacheManager" />
<property name="sessionDAO" ref="sessionDAO" />
<property name="sessionIdCookieEnabled" value="true" />
<strong><property name="sessionIdCookie" ref="sessionIdCookie" /></strong>
<property name="sessionListeners">
<list>
<ref bean="sessionListener" />
</list>
</property>
</bean>
看加粗的一行代码,再此注入,功能就完成了,但是为什么会找不到用户的存储在session的信息呢?
问题就在<span style="font-family: Arial, Helvetica, sans-serif;"><property name="name" value="JESSIONID" />这个value的值,看一下</span><span style="font-family: Arial, Helvetica, sans-serif;">DefaultWebSessionManager类中的代码:</span>
<span style="font-family: Arial, Helvetica, sans-serif;"></span><pre name="code" class="java"><pre name="code" class="java"> private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {
String id = this.getSessionIdCookieValue(request, response);
if(id != null) {
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "cookie");
} else {
id = this.getUriPathSegmentParamValue(request, "JSESSIONID");
if(id == null) {
String name = this.getSessionIdName();
id = request.getParameter(name);
if(id == null) {
id = request.getParameter(name.toLowerCase());
}
}
if(id != null) {
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, "url");
}
}
if(id != null) {
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
}
return id;
}
看一下这个name,跟自己写的一样,问题就在这.每次创建一个cookie之后,创建的sessionId会添加到cookie中,然后每次请求都会将这个cookie的sessionid传回去进行验证,
如果容器在处理的时候出了问题,则会创建多个name为JSESSIONID的Session,这样就会把自己的session信息给覆盖了,所以解决办法很简单,将自己的Cookie的name改一下就可以了:
<bean id="sessionIdCookie" class="org.apache.shiro.web.servlet.SimpleCookie">
<property name="name" value="jsId" />
<property name="path" value="/" />
</bean>