You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Michael Chandler <Mi...@onassignment.com> on 2013/10/23 22:48:35 UTC

RE: (SOLVED) Cached Session DAO timing out and expiring session

Based on what I was reading in my container logs, it was unable to locate ehcache.xml and was defaulting to undesirable settings.  I made sure to drop ehcache.xml into my classpath and now I'm good to go.

This may be the last big hurdle for me.  It's been quite a learning experience so far.  Nevertheless, I'm ready for a long vacation!

From: Michael Chandler [mailto:Michael.Chandler@onassignment.com]
Sent: Wednesday, October 23, 2013 10:40 AM
To: user@shiro.apache.org
Subject: Cached Session DAO timing out and expiring session

I have a situation where the SessionManager expires my session after just 2 - 3 minutes of inactivity, despite having set a generous global timeout of 8 hours.  Using Spring, here's a brief overview of how I'm configured.

<bean id="shiroSessionDao" class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />

<bean id="shiroSessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
                <property name="sessionDAO" ref="shiroSessionDao" />
                <property name="globalSessionTimeout" value="28800000" />
</bean>

I then set the bean above to the securityManager's sessionManager.

So long as I click through my web application, my session stays current and all is well. However, after about 2 - 3 minutes of idle time, my session is expired and Shiro attempts to create a new one. It finds the JSESSIONID cookie but identifies the session as invalid:

10:28:23,311 DEBUG SimpleCookie:366 - Found 'JSESSIONID' cookie value [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
10:28:23,312 DEBUG Segment:707 - remove deleted 0 from heap
10:28:23,313 DEBUG Segment:711 - remove deleted 0 from disk
10:28:23,313 DEBUG DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.

Can anyone offer me any advice or suggest something to start looking at?  My ehcache xml and the full exception details are below.

Thank you!

Mike


EHCACHE XML:
<cache name="shiro-activeSessionCache"
                maxElementsInMemory="10000"
                eternal="true"
                timeToLiveSeconds="0"
                timeToIdleSeconds="0"
                diskPersistent="false"
                overflowToDisk="true"
                diskExpiryThreadIntervalSeconds="600">
</cache>

EXCEPTION:
10:28:23,311 DEBUG SimpleCookie:366 - Found 'JSESSIONID' cookie value [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
10:28:23,312 DEBUG Segment:707 - remove deleted 0 from heap
10:28:23,313 DEBUG Segment:711 - remove deleted 0 from disk
10:28:23,313 DEBUG DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
                at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
                at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
                at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
                at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
                at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
                at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
                at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
                at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
                at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
                at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
                at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
                at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
                at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
                at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
                at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
                at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
                at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
                at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
                at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539)
                at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
                at java.lang.Thread.run(Thread.java:724)

The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.