shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
2017-09-30 13:11
666 查看
Caused by: org.apache.shiro.session.UnknownSessionException: There is no session with id [c92195b6-5905-436b-8fb7-63f2f67a9a08] at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170) at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261) at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236) at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222) at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupRequiredSession(AbstractNativeSessionManager.java:152) at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getAttribute(AbstractNativeSessionManager.java:249) at org.apache.shiro.session.mgt.DelegatingSession.getAttribute(DelegatingSession.java:141) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.session.ProxiedSession.getAttribute(ProxiedSession.java:121) at org.apache.shiro.subject.support.DelegatingSubject.getRunAsPrincipalsStack(DelegatingSubject.java:469) at org.apache.shiro.subject.support.DelegatingSubject.getPrincipals(DelegatingSubject.java:153) at org.apache.shiro.subject.support.DelegatingSubject.isRemembered(DelegatingSubject.java:297) at controllers.LoginAction.verifyUserAuth(LoginAction.java:119) at controllers.LoginAction.login(LoginAction.java:96) at play.mvc.ActionInvoker.invokeWithContinuation(ActionInvoker.java:557) at play.mvc.ActionInvoker.invoke(ActionInvoker.java:508) at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:484) at play.mvc.ActionInvoker.invokeControllerMethod(ActionInvoker.java:479) at play.mvc.ActionInvoker.invoke(ActionInvoker.java:161) ... 1 more
如上所示:在用户登录的时候找不到session,但是debug代码的时候可以拿到subject对象,那又为什么包session异常呢?下图是登录的代码:
//创建用户名密码身份验证token(即:用户身份/凭证)
UsernamePasswordToken token = new UsernamePasswordToken(username, password, true);
//获取主题对象
Subject subject = SecurityUtils.getSubject();
//验证是否登录成功,如果未登录成功登录验证
if(!subject.isAuthenticated()){
GGLogger.info("登录验证身份!");
//登录,即身份验证
subject.login(token);
}
我们来看一下Subject subject = SecurityUtils.getSubject();对应的源码:
public static Subject getSubject() {
Subject subject = ThreadContext.getSubject();
if (subject == null) {
subject = new Subject.Builder().buildSubject();
ThreadContext.bind(subject);
}
return subject;
}我们清楚的看到subject是从ThreadContext获取,创建过就直接从里面获取,没有创建的话就重新创建一个subject,然后绑定到ThreadContext,调用subject获取session的时候,他会去创建一个session,并且把session缓存起来,操作方法是在AbstractSessionDAO类里面,跟踪得知这里放的是subject的代理对象。如果session超时时间设置过短的话,在用户登录的时候,随着web容器分配的线程,很大的机会会分配之前的线程,而之前的线程绑定过了subject,subject没有失效,subejct对象里面的session也没有什么问题,但是session缓存里面的session失效了,用户登录的时候执行到currentuser.login(token)这个方法,他拿着之前的session,那后要去缓存里面读取,但是已经失效了,所以会报上面那个异常。
问题就是出现在这里,subject绑定到thread上下文里面,subject对象的session是个代理对象,正真的session是放在缓存里面,web容器随机分配的线程有可能绑定过subject,一旦session失效,就会报错。
解决的办法是在shiro去读取session之前判断有没有失效,如果失效移除ThreadContext里面的subject,并且删除缓存里面的session
ThreadContext.remove(ThreadContext.SUBJECT_KEY);//移除线程中的subject
bc09
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id
- shiro学习随笔【四】session过期报 org.apache.shiro.session.UnknownSessionException: There is no session with id