Chrome creates a new session on every request

2012-12-30 16:39:24 +08:00
 vivia
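The project uses Spring MVC, with Shiro for permission management. The login page uses a CAPTCHA, and the CAPTCHA is stored in the session. And then the frustrating problem began...

First, with the project deployed on my local machine, everything was OK...
Then, when it was deployed to an intranet server, the problem appeared:
1. With IE 8 and Firefox 17 everything works: refreshing the login page leaves the session id unchanged, and CAPTCHA validation works...
2. When logging in with Chrome, a CAPTCHA error is reported even when the CAPTCHA is entered correctly. Turning on the debug log showed the following: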

2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Rendering view [org.springframework.web.servlet.view.RedirectView: name 'redirect:/login'; URL [/login]] in DispatcherServlet with name 'appServlet'
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Successfully completed request
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-2] -Returning cached instance of singleton bean 'sqlSessionFactory'
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Found 'JSESSIONID' cookie value [90C864421934A567FA2147C70B17F290]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [90C864421934A567FA2147C70B17F290]
at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:105)
at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:97)
at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -DispatcherServlet with name 'appServlet' processing GET request for [/login]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Looking up handler method for path /login
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Returning handler method [public java.lang.String com.novagame.report.controller.LoginController.index(org.springframework.ui.Model,javax.servlet.http.HttpSession)]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Returning cached instance of singleton bean 'loginController'
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Last-Modified value for [/login] is: -1
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Added HttpServletResponse Cookie [JSESSIONID=b6a4eafd-051a-481c-bb86-2d127b10b85a; Path=/; HttpOnly]


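The log shows that no session could be found for session id [90C864421934A567FA2147C70B17F290], and that session id also looks different from the usual ones. Reading further in the log, Shiro created a new session (Added HttpServletResponse Cookie [JSESSIONID=b6a4eafd-051a-481c-bb86-2d127b10b85a; Path=/; HttpOnly]). With a different session, the CAPTCHA check is bound to fail.

By setting a breakpoint in Shiro's DefaultSessionManager and debugging remotely, I found that every time Chrome requests the login page a new session is created and stored in the sessions variable of MemorySessionDAO, with content similar to "{247cc8fc-ba5f-43c9-9505-c33beadfd273=org.apache.shiro.session.mgt.SimpleSession,id=247cc8fc-ba5f-43c9-9505-c33beadfd273,bbcd95a6-2960-4bc3-a990-2f0cbf110530=org.apache.shiro.session.mgt.SimpleSession,id=bbcd95a6-2960-4bc3-a990-2f0cbf110530}". One more session is added on each refresh, so this is not a case of sessions expiring and being removed; the reason the session cannot be found is that the session id in the request Chrome submits is wrong...

I'm going crazy over this at the moment, any hints?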
21315 clicks
Node: Q&A
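
The check the post does by eye can be scripted. The following is an added example, not part of the original post: it scans Shiro DEBUG output for the JSESSIONID the browser presented, the UnknownSessionException for that id, and the replacement cookie Shiro issued, and flags when the presented id does not have the shape of the ids Shiro issues. The function names and the last sample line are constructed, and the shape classification is a heuristic.

```python
import re

# The three Shiro DEBUG messages quoted in the post.
FOUND = re.compile(r"\[([^\]]+)\] -Found 'JSESSIONID' cookie value \[([^\]]+)\]")
UNKNOWN = re.compile(r"UnknownSessionException: There is no session with id \[([^\]]+)\]")
ISSUED = re.compile(r"\[([^\]]+)\] -Added HttpServletResponse Cookie \[JSESSIONID=([^;\]]+)")

UUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
HEX32 = re.compile(r"[0-9a-f]{32}", re.I)

def id_shape(sid):
    """Heuristic: classify a session id by its textual shape."""
    if UUID.fullmatch(sid):
        return "uuid"    # shape of the ids in the MemorySessionDAO dump
    if HEX32.fullmatch(sid):
        return "hex32"   # shape of the id Chrome sent in the post
    return "other"

def analyze(lines):
    """Report requests whose presented id was unknown and got replaced."""
    presented, unknown, findings = {}, set(), []
    for line in lines:
        if m := FOUND.search(line):
            presented[m[1]] = m[2]    # worker thread -> id sent by the browser
        elif m := UNKNOWN.search(line):
            unknown.add(m[1])         # the exception line carries no thread tag
        elif m := ISSUED.search(line):
            old = presented.pop(m[1], None)
            if old in unknown:
                findings.append({
                    "thread": m[1], "presented": old, "issued": m[2],
                    "presented_shape": id_shape(old),
                    "issued_shape": id_shape(m[2]),
                    "shape_mismatch": id_shape(old) != id_shape(m[2]),
                })
    return findings

# First four lines are taken from the post's log; the last one is constructed
# (a request that presents an id Shiro itself issued, so nothing is reported).
SAMPLE_LOG = """\
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Found 'JSESSIONID' cookie value [90C864421934A567FA2147C70B17F290]
org.apache.shiro.session.UnknownSessionException: There is no session with id [90C864421934A567FA2147C70B17F290]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null]
2012-12-30 16:25:10 DEBUG [http-bio-9001-exec-8] -Added HttpServletResponse Cookie [JSESSIONID=b6a4eafd-051a-481c-bb86-2d127b10b85a; Path=/; HttpOnly]
2012-12-30 16:26:00 DEBUG [http-bio-9001-exec-3] -Found 'JSESSIONID' cookie value [b6a4eafd-051a-481c-bb86-2d127b10b85a]
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

A finding with `shape_mismatch` set means the browser sent a JSESSIONID that this Shiro session manager did not generate, which is the situation the post describes.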
5 replies
vivia
2012-12-30 16:54:14 +08:00
dreambt
2014-06-22 15:15:03 +08:00
<session-config>
<!-- Disables URL-based sessions (no more 'jsessionid' in the URL using Tomcat) -->
<tracking-mode>COOKIE</tracking-mode>
</session-config>
safilar
2016-08-30 11:23:58 +08:00
Just asking, did the OP ever solve this problem?
wital
2017-05-10 17:49:13 +08:00
Same question, I have a similar problem!
YzSama
2017-12-09 15:22:25 +08:00
Has this been solved?
I've run into the same thing...

https://www.v2ex.com/t/56219