Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-489

can not get session on sina app engine

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.3
    • Fix Version/s: None
    • Component/s: Web, Web Site
    • Labels:
      None
    • Environment:
      sina app engine

      Description

      org.apache.shiro.web.servlet.AbstractShiroFilter
      ...
      protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
      throws ServletException, IOException {
      ...
      final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
      final ServletResponse response = prepareServletResponse(request, servletResponse, chain);

      final Subject subject = createSubject(request, response);

      //noinspection unchecked
      subject.execute(new Callable() {
      public Object call() throws Exception

      { updateSessionLastAccessTime(request, response); executeChain(request, response, chain); ... }

      executeChain(request, response, chain) would not use request instance,this is a ShiroHttpServletRequest instance and override getSession() method,and then any other place(servlet container or other filter) use this request will something unexpected will happen.for example:session.getId() is null in jsp,and login status can not be holded,I think this method should like this:
      protected void doFilterInternal(final ServletRequest servletRequest,final ServletResponse servletResponse, final FilterChain chain)
      throws ServletException, IOException {
      Throwable t = null;
      try {
      final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
      final ServletResponse response = prepareServletResponse(request, servletResponse, chain);
      final Subject subject = createSubject(request, response);
      //noinspection unchecked
      subject.execute(new Callable() {
      public Object call() throws Exception

      { updateSessionLastAccessTime(request, response); executeChain(servletRequest, servletResponse, chain); ... }

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              wkq361 吴开强
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: