You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "吴开强 (JIRA)" <ji...@apache.org> on 2014/03/07 10:33:42 UTC

[jira] [Created] (SHIRO-489) can not get session on sina app engine

吴开强 created SHIRO-489:
-------------------------

             Summary: can not get session on sina app engine
                 Key: SHIRO-489
                 URL: https://issues.apache.org/jira/browse/SHIRO-489
             Project: Shiro
          Issue Type: Bug
          Components: Web, Web Site
    Affects Versions: 1.2.3
         Environment: sina app engine
            Reporter: 吴开强


org.apache.shiro.web.servlet.AbstractShiroFilter
...
 protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
            throws ServletException, IOException {
...
            final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
            final ServletResponse response = prepareServletResponse(request, servletResponse, chain);

            final Subject subject = createSubject(request, response);

            //noinspection unchecked
            subject.execute(new Callable() {
                public Object call() throws Exception {
                    updateSessionLastAccessTime(request, response);
                    executeChain(request, response, chain);
...
    }
 executeChain(request, response, chain) would not use request instance,this is a ShiroHttpServletRequest instance and override getSession() method,and then any other place(servlet container or other filter) use this request will something unexpected will happen.for example:session.getId() is null in jsp,and login status can not be holded,I think this method should like this:
protected void doFilterInternal(final ServletRequest servletRequest,final ServletResponse servletResponse, final FilterChain chain)
            throws ServletException, IOException {
        Throwable t = null;
        try {
            final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
            final ServletResponse response = prepareServletResponse(request, servletResponse, chain);
            final Subject subject = createSubject(request, response);
            //noinspection unchecked
            subject.execute(new Callable() {
                public Object call() throws Exception {
                    updateSessionLastAccessTime(request, response);
                    executeChain(servletRequest, servletResponse, chain);
...
    }




--
This message was sent by Atlassian JIRA
(v6.2#6252)