参考网页

报错

2018-07-19 23:04:35,330 [http-nio-1008-exec-8] DEBUG [org.apache.shiro.web.servlet.SimpleCookie] - Found 'JSESSIONID' cookie value [8fc50256-a009-4875-950f-03b484314426]

2018-07-19 23:04:35,330 [http-nio-1008-exec-8] DEBUG [org.apache.shiro.mgt.DefaultSecurityManager] - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.

org.apache.shiro.session.UnknownSessionException: There is no session with id [8fc50256-a009-4875-950f-03b484314426]

at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)

at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)

at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)

at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)

at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:148)

at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:140)

at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:156)

at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:460)

at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:446)

at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:342)

at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:845)

at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)

at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)

at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)

at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:349)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1110)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:785)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1425)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)

报错原因分析

Shiro 框架中的 SessionManager 默认实现为 DefaultWebSessionManager，DefaultWebSessionManager的构造方法如下

public DefaultWebSessionManager() {         Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);         cookie.setHttpOnly(true); //more secure, protects against XSS attacks         this.sessionIdCookie = cookie;         this.sessionIdCookieEnabled = true;         this.sessionIdUrlRewritingEnabled = true;    }

其中Cookie使用的是 SimpleCookie，SimpleCookie构造用的名字为 ShiroHttpSession.DEFAULT_SESSION_ID_NAME，追踪可以看到

public static final String DEFAULT_SESSION_ID_NAME = "JSESSIONID";

也就是说Shiro 框架中的 SessionManager的默认实现 DefaultWebSessionManager，使用的Cookie的名称为 "JSESSIONID" ，与SERVLET容器（如JETTY, TOMCAT）默认的Cookie名冲突了，当跳出SHIRO SERVLET时如ERROR-PAGE容器会为JSESSIONID重新分配值导致登录会话丢失。

解决思路--自定义一个不与容器冲突的SEESIONID

我的实际解决

在Shiro配置类 ShiroConfig 中，修改 SessionManager 的Cookie名。

代码

@Beanpublic SessionManager sessionManager() {DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();Collection
    
      listeners = new ArrayList
     
      ();listeners.add(new ShiroSessionListener());sessionManager.setSessionListeners(listeners);sessionManager.setSessionDAO(sessionDAO());//修改 Cookie 名，避免与SERVLET容器（如JETTY, TOMCAT）默认的Cookie名（JSESSIONID）冲突Cookie c = new SimpleCookie("wms.session.id");//10秒失效c.setMaxAge(10);//与会话同步// c.setMaxAge(-1);sessionManager.setSessionIdCookie(c);return sessionManager;}
     
    

测试--成功，Firefox下F12，可以查看Cooike