https://blog.csdn.net/caimengyuan/article/details/52526765
2018-07-19 23:04:35,330 [http-nio-1008-exec-8] DEBUG [org.apache.shiro.web.servlet.SimpleCookie] - Found 'JSESSIONID' cookie value [8fc50256-a009-4875-950f-03b484314426]
2018-07-19 23:04:35,330 [http-nio-1008-exec-8] DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [8fc50256-a009-4875-950f-03b484314426]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:140)
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:156)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:460)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:446)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Unknown Source)
Shiro 框架中的 SessionManager 默認實現爲 DefaultWebSessionManager,DefaultWebSessionManager 的構造方法如下:
/**
 * Creates the session manager with its default session-id cookie.
 *
 * <p>The cookie is named {@code ShiroHttpSession.DEFAULT_SESSION_ID_NAME} and is marked
 * HttpOnly. Both the session-id cookie and session-id URL rewriting are switched on.
 */
public DefaultWebSessionManager() {
    this.sessionIdCookieEnabled = true;
    // NOTE(review): with URL rewriting on, the session id can presumably end up in URLs
    // (and from there in logs, history and Referer headers) - confirm and disable if unused.
    this.sessionIdUrlRewritingEnabled = true;

    Cookie sessionCookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    // HttpOnly hides the cookie from page scripts, so an XSS flaw cannot simply read the
    // session id; it limits session theft but does not stop XSS itself.
    sessionCookie.setHttpOnly(true);
    this.sessionIdCookie = sessionCookie;
}
其中 Cookie 使用的是 SimpleCookie,SimpleCookie 構造時使用的名字爲 ShiroHttpSession.DEFAULT_SESSION_ID_NAME,追蹤源碼可以看到:
/**
 * Name given to the session-id cookie by default. It is the same string as the
 * {@code JSESSIONID} cookie seen in the request log, so a servlet container that uses
 * that name for its own session cookie shares it with Shiro.
 */
public static final String DEFAULT_SESSION_ID_NAME = "JSESSIONID";
也就是說,Shiro 框架中 SessionManager 的默認實現 DefaultWebSessionManager 使用的 Cookie 名稱爲 "JSESSIONID",與 Servlet 容器(如 Jetty、Tomcat)默認的 Cookie 名衝突。當跳出 Shiro Servlet 時(如 error-page),容器會爲 JSESSIONID 重新分配值,導致登錄會話丟失。
在Shiro配置類 ShiroConfig 中,修改 SessionManager 的Cookie名。
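/**
 * Builds the Shiro web session manager used by the application.
 *
 * <p>Registers {@code ShiroSessionListener}, plugs in the DAO returned by
 * {@code sessionDAO()}, and replaces the default session-id cookie with one named
 * {@code wms.session.id} so that Shiro and the servlet container no longer share the
 * {@code JSESSIONID} cookie name.
 *
 * @return the configured session manager
 */
@Bean
public SessionManager sessionManager() {
    DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();

    Collection<SessionListener> listeners = new ArrayList<SessionListener>();
    listeners.add(new ShiroSessionListener());
    sessionManager.setSessionListeners(listeners);
    sessionManager.setSessionDAO(sessionDAO());

    // Use a dedicated cookie name to avoid clashing with the default cookie name
    // (JSESSIONID) of servlet containers such as Jetty and Tomcat.
    Cookie sessionCookie = new SimpleCookie("wms.session.id");

    // This cookie replaces the one the DefaultWebSessionManager constructor marked
    // HttpOnly, so state the flag explicitly rather than relying on a default.
    sessionCookie.setHttpOnly(true);

    // -1 keeps the cookie for the lifetime of the browser session. The previous value of
    // 10 made the browser discard the session id after ten seconds, which drops the login
    // almost immediately, and turned the session id into a persistent cookie.
    sessionCookie.setMaxAge(-1);

    // NOTE(review): when the application is only served over HTTPS, also call
    // sessionCookie.setSecure(true) so the session id is never sent in clear text.
    // NOTE(review): session-id URL rewriting is left at the manager's default here;
    // consider disabling it if clients are always expected to accept cookies.

    sessionManager.setSessionIdCookie(sessionCookie);
    return sessionManager;
}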