springboot整合shiro的session问题UnknownSessionException There is no session with id

最新推荐文章于 2024-06-01 15:23:13 发布
最新推荐文章于 2024-06-01 15:23:13 发布
阅读量752 收藏 5
点赞数 1
分类专栏: java 文章标签: java 后端
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/web15286201346/article/details/124420812
版权

报错信息如下

[2018-12-19 02:25:13.852][http-nio-8077-exec-8][DEBUG][org.apache.shiro.web.servlet.SimpleCookie][389]:Found 'SHRIOSESSIONID' cookie value [2387e612-1c34-44b5-b00f-faa2937e2c7f]
[2018-12-19 02:25:13.853][http-nio-8077-exec-8][DEBUG][org.apache.shiro.mgt.DefaultSecurityManager][447]:Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [2387e612-1c34-44b5-b00f-faa2937e2c7f]
	at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:140) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:156) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456) ~[shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442) [shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338) [shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846) [shiro-core-1.3.1.jar:1.3.1]
	at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148) [shiro-web-1.3.1.jar:1.3.1]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292) [shiro-web-1.3.1.jar:1.3.1]
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359) [shiro-web-1.3.1.jar:1.3.1]
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125) [shiro-web-1.3.1.jar:1.3.1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:83) [druid-1.1.5.jar:1.1.5]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.3.13.RELEASE.jar:4.3.13.RELEASE]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.23.jar:8.5.23]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]

报错原因分析

Shiro 框架中的 SessionManager 默认实现为 DefaultWebSessionManager,DefaultWebSessionManager的构造方法如下

public DefaultWebSessionManager() {

         Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);

         cookie.setHttpOnly(true); //more secure, protects against XSS attacks

         this.sessionIdCookie = cookie;

         this.sessionIdCookieEnabled = true;

         this.sessionIdUrlRewritingEnabled = true;

    }

其中Cookie使用的是 SimpleCookie,SimpleCookie构造用的名字为ShiroHttpSession.DEFAULT_SESSION_ID_NAME,追踪可以看到

public static final String DEFAULT_SESSION_ID_NAME = "JSESSIONID";

也就是说Shiro 框架中的 SessionManager的默认实现 DefaultWebSessionManager,使用的Cookie的名称为"JSESSIONID",与SERVLET容器(如JETTY, TOMCAT)默认的Cookie名冲突了,当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失。

修改一下shiroconfig配置:

修改方式为SHRIOSESSIONID–>shiro.sesssion

//自定义session管理器
@Bean
    public SessionManager sessionManager() {
        ShiroSessionManager customDefaultWebSessionManager = new ShiroSessionManager();
        customDefaultWebSessionManager.setSessionDAO(new PmsSessionDao());
        Collection<SessionListener> listeners = new ArrayList<>();
        listeners.add(new PmsSessionListener());
        customDefaultWebSessionManager.setSessionListeners(listeners);
        customDefaultWebSessionManager.setSessionFactory(new PmsSessionFactory());
        customDefaultWebSessionManager.setSessionIdCookie(sessionIdCookie());//设置SimpleCookie
        return customDefaultWebSessionManager;
    }

    @Bean(name = "simpleCookie")
    public SimpleCookie sessionIdCookie() {
        //DefaultSecurityManager
        SimpleCookie simpleCookie = new SimpleCookie();
        //sessionManager.setCacheManager(ehCacheManager());
        //如果在Cookie中设置了"HttpOnly"属性,那么通过程序(JS脚本、Applet等)将无法读取到Cookie信息,这样能有效的防止XSS攻击。
        simpleCookie.setHttpOnly(true);
//		simpleCookie.setName("SHRIOSESSIONID");
        simpleCookie.setName("shiro.sesssion");
        //单位秒
        simpleCookie.setMaxAge(3600);
        return simpleCookie;
    }

大致就这样解决了

web15286201346
关注
专栏目录
Spring Boot + Shiro 实现 Session 持久化实现思路及遗留问题
DN金猿的博客
07-23 302
从这个角度而言,我们可以通过 Session 监听器监听 Session 创建销毁,属性变更,并将所有创建的SessionId 存储起来,当要踢出某个用户时,用户的Request请求到来时判断Request中SessionId是否一致,一致的话令Session失效,从而实现这个功能!6、上图显示,我们可以拿到所有获得的session,并且内部用户信息无误,此时我们只需要将上述代码中的(1)、(2)打开在完全遵守Shiro的应用规则下理应可以删除对应用户!在用户基础服务中,需要实现删除用户功能。
SpringBoot整合框架——集成SpringSecurity、shiro
m0_61506558的博客
11-04 740
Spring Security 是针对Spring项目的安全框架,也是Spring Boot底层安全模块默认的技术选型,他可以实现强大的Web安全控制,对于安全控制,我们仅需要引入spring-boot-starter-security 模块,进行少量的配置,即可实现强大的安全管理WebSecurityConfigurerAdapter:自定义Security策略AuthenticationManagerBuilder:自定义认证策略。
shiro,访问服务器报错org.apache.shiro.session.UnknownSessionException: There is no session with id [XXX]问题解决
sca4751232017的博客
02-04 3523
当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失! -->
解决org.apache.shiro.session.UnknownSessionException: There is no session with id问题(转)
热门推荐
一棵小树
09-19 2万+
解决org.apache.shiro.session.UnknownSessionException: There is no session with id问题
springboot报错org.apache.shiro.session.UnknownSessionException: There is no session with id [XXX]问题解决
菜鸟小木干的博客
01-20 1万+
springboot项目使用多线程的时候经常报 根据网上的说法是因为在shiro的DefaultWebSessionManager类中,默认Cookie名称是JSESSIONID,这样的话与servlet容器名冲突, 如jetty, tomcat等默认JSESSIONID, 当跳出shiro servlet时如error-page容器会为JSESSIONID重新分配值导致登录会话丢失! ...
Shiro提示org.apache.shiro.session.UnknownSessionException: There is no session with id问题
夜白丶的博客
01-08 1302
Shiro报错
shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
OceanSky的专栏
09-30 9292
Caused by: org.apache.shiro.session.UnknownSessionException: There is no session with id [c92195b6-5905-436b-8fb7-63f2f67a9a08] at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(Abs...
Spring整合Shiro出现There is no session with id [XXX] with root cause问题的解决方案
klayer_cong的博客
03-20 1万+
最近使用spring + shiro整合的时候出现一个非常头疼的问题,就是会经常出现There is no session with id [XXX]的问题,而且非常难调试出问题的所在,源码也看了关于shiro的部分,但是原因还是找不到。废话不多说,直接上配置文件shiro.xml&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;beans xmln...
shiro.session There is no session with id问题点排查
05-19
这个问题通常是由于以下原因导致的: 1. 会话超时:如果会话已经超时,那么就不能再使用该会话。您需要重新创建一个新的会话。 2. 会话丢失:会话可能会在服务器重启、负载均衡、部署更改等情况下丢失。您需要确保...
org.apache.shiro.session.UnknownSessionException: There is no session with id [xxxx]
weixin_43355440的博客
02-27 1269
springboot整合shiro缓存时报错 org.apache.shiro.session.UnknownSessionException: There is no session with id [xxxx] 解决: 1.更改cookie名称为 token 2.设置cookie过期时间与session过期时间一致 3.退出登录时清空cookie ...
org.apache.shiro.session.UnknownSessionException: There is no session
u010154380的专栏
05-12 6130
java.lang.IllegalStateException: org.apache.shiro.session.UnknownSessionException: There is no session with id [d64a3edc-0860-479d-94a4-09670c2369ba] org.apache.shiro.web.servlet.ShiroHttpSession.get
org.apache.shiro.session.UnknownSessionException: There is no session with id [77832ac1-4dbd-4b19-8e
最新发布
qq_33240556的博客
06-01 688
确保在Shiro设置中正确配置了会话管理,包括任何自定义的会话ID Cookie设置或会话存储配置(例如使用EhCache、Redis或数据库)。:在分布式环境中,如果会话复制或集群配置不正确,可能会导致会话在一个服务器上可用而在处理请求的另一服务器上不可用。:如果会话ID被人为修改或生成有误,它将不会对应于Shiro存储中的任何有效会话。:由于长时间未活动或已达到Shiro配置中的最大会话超时时间,会话可能已经过期。:会话存储机制(如缓存、数据库等)的配置不正确可能导致会话未被正确存储或检索。
shrio报错"org.apache.shiro.session.UnknownSessionException: There is no session with id [e239e76d-012d
nolin1234的专栏
10-20 2601
登陆退出跳转后报异常,原因是shiro拦截器中,退出的URL配置了anon(匿名) filterChainDefinitionMap.put("/logout", "anon"); 解决:应该配置成logout(退出) filterChainDefinitionMap.put("/logout", "logout");
Spring Boot+Shiro+redis报UnknownSessionException:There is no session with id(redis中session失效导致异常)
qq_42526272的博客
07-17 6333
首先此异常是在 (源码解析)(解决方法在最后。。) org.apache.shiro.session.mgt.eis.AbstractSessionDAO的readSession方法中抛出的异常 public Session readSession(Serializable sessionId) throws UnknownSessionException { Se...
开启多线程,shiro报错:UnknownSessionException: There is no session with id
一生编程,快乐编程
04-27 718
开启多线程,shiro报错:UnknownSessionException: There is no session with id. 如下所示: org.apache.shiro.session.UnknownSessionException: There is no session with id [c8c5715ea6524f08b2ebe9fcb0566e20] at o...
SpringBoot + Shiro + Redis做安全框架,loginOut报: There is no session with id xxx的异常解决办法
wohennis1的专栏
07-22 1115
网上有很多关于Shiro的Login Out后报:org.apache.shiro.session.UnknownSessionException: There is no session with id [xxx-xxx-xxx]的解决方案,大部分都是抄来抄去的垃圾文章,根本无法解决方案,我也是翻看了大量的资料而没有解决,后来自己Debug了一下源代码发现是session已经清空,却还在获取session,结果导致无法获取session报的异常,根据这一特性,重写了框架自带的LogoutFilter
There is no session with id
bswsf的专栏
07-28 4172
只所以出现这个问题是因为在shiro的DefaultWebSessionManager类中,默认Cookie名称是JSESSIONID,这样的话与servlet容器名冲突,如jetty,tomcat等默认JSESSIONID,当跳出shiroservlet时如error-page容器会为JSESSIONID重新分配值导致登录会话丢失!2、,我们只需要自己指定一个与项目运行容器不冲突的sessionID(也有很多方法)关闭浏览器,清理缓存,决绝问题!首先拔下网上说的比较靠谱的原因和解决方案。...
org.apache.shiro.session.UnknownSessionException: There is no session with id[xx]
sprs的博客
12-29 7026
问题背景: 借鉴开涛的shiro教程,自己动手实验下,关于第16章,使用的框架是shiro+spring MVC+maybatis,一启动就直接抛这个异常。 解决办法: 1, 配置文件 中关于Bean:securityManager中property为sessionManager注释掉即可。(不可取) 2, 因sessionManager受CacheManager,而项
执行Shiro logout后,报如下错误: org.apache.shiro.session.UnknownSessionException: There is no session with id
zsg88的专栏
07-08 5951
严重: Servlet.service() for servlet [spring] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: org.apache.shiro.session.UnknownSess
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值