V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
vivia
V2EX  ›  问与答

chrome浏览器每次请求产生一个新session

  •  
  •   vivia · 2012-12-30 16:39:24 +08:00 · 21270 次点击
    这是一个创建于 4345 天前的主题,其中的信息可能已经有所发展或是发生改变。
    项目使用spring mvc,用shrio进行权限管理,登录页面有使用验证码,验证码放session中,然后纠结的问题开始了……

    首先,项目部署在本机,一切ok...
    然后部署到内网服务器上时,问题来了:
    1、使用IE 8、Fire fox 17一切正常,刷新登录页面session id不变,验证码验证正常……
    2、使用chrome登录时,发现正确填写验证码也报验证码错误,开debug日志发现如下内容:

    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Rendering view [org.springframework.web.servlet.view.RedirectView: name 'redirect:/login'; URL [/login]] in DispatcherServlet with name 'appServlet'
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Successfully completed request
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Returning cached instance of singleton bean 'sqlSessionFactory'
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Found 'JSESSIONID' cookie value [90C864421934A567FA2147C70B17F290]
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
    org.apache.shiro.session.UnknownSessionException: There is no session with id [90C864421934A567FA2147C70B17F290]
    at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
    at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
    at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:97)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
    at java.lang.Thread.run(Thread.java:722)
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -DispatcherServlet with name 'appServlet' processing GET request for [/login]
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Looking up handler method for path /login
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Returning handler method [public java.lang.String com.novagame.report.controller.LoginController.index(org.springframework.ui.Model,javax.servlet.http.HttpSession)]
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Returning cached instance of singleton bean 'loginController'
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Last-Modified value for [/login] is: -1
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
    2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Added HttpServletResponse Cookie [JSESSIONID=b6a4eafd-051a-481c-bb86-2d127b10b85a; Path=/; HttpOnly]


    从日志可以看出根据session id[90C864421934A567FA2147C70B17F290]未能找到对应的session,而且session id也跟平常的的不一样,继续看日志,shiro创建了一个新的session (Added HttpServletResponse Cookie [JSESSIONID=b6a4eafd-051a-481c-bb86-2d127b10b85a; Path=/; HttpOnly]),session不同了,验证码肯定报错了。

    在shiro的DefaultSessionManager中下断点远程跟踪调试了解到chrome每次请求登录页面时都生成了一个新会话,并保存在MemorySessionDAO中的sessions变更中,内容类似于"{247cc8fc-ba5f-43c9-9505-c33beadfd273=org.apache.shiro.session.mgt.SimpleSession,id=247cc8fc-ba5f-43c9-9505-c33beadfd273,bbcd95a6-2960-4bc3-a990-2f0cbf110530=org.apache.shiro.session.mgt.SimpleSession,id=bbcd95a6-2960-4bc3-a990-2f0cbf110530}",每次刷新session都增加一个,不存在session过期被移除了的问题,找不到session的原因就是chrome提交的请求中的session id不对……

    目前抓狂中,any hints?
    5 条回复    2017-12-09 15:22:25 +08:00
    vivia
        1
    vivia  
    OP
       2012-12-30 16:54:14 +08:00   ❤️ 1
    dreambt
        2
    dreambt  
       2014-06-22 15:15:03 +08:00
    <session-config>
    <!-- Disables URL-based sessions (no more 'jsessionid' in the URL using Tomcat) -->
    <tracking-mode>COOKIE</tracking-mode>
    </session-config>
    safilar
        3
    safilar  
       2016-08-30 11:23:58 +08:00
    问下,楼主这个问题解决了没有
    wital
        4
    wital  
       2017-05-10 17:49:13 +08:00
    同问,类似问题!
    YzSama
        5
    YzSama  
       2017-12-09 15:22:25 +08:00
    解决了吗?
    同样遇到。。
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   1643 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 23ms · UTC 16:54 · PVG 00:54 · LAX 08:54 · JFK 11:54
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.