You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "吴开强 (JIRA)" <ji...@apache.org> on 2014/03/07 10:33:42 UTC
[jira] [Created] (SHIRO-489) can not get session on sina app engine
吴开强 created SHIRO-489:
-------------------------
Summary: can not get session on sina app engine
Key: SHIRO-489
URL: https://issues.apache.org/jira/browse/SHIRO-489
Project: Shiro
Issue Type: Bug
Components: Web, Web Site
Affects Versions: 1.2.3
Environment: sina app engine
Reporter: 吴开强
org.apache.shiro.web.servlet.AbstractShiroFilter
...
protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, final FilterChain chain)
throws ServletException, IOException {
...
final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
final ServletResponse response = prepareServletResponse(request, servletResponse, chain);
final Subject subject = createSubject(request, response);
//noinspection unchecked
subject.execute(new Callable() {
public Object call() throws Exception {
updateSessionLastAccessTime(request, response);
executeChain(request, response, chain);
...
}
executeChain(request, response, chain) would not use request instance,this is a ShiroHttpServletRequest instance and override getSession() method,and then any other place(servlet container or other filter) use this request will something unexpected will happen.for example:session.getId() is null in jsp,and login status can not be holded,I think this method should like this:
protected void doFilterInternal(final ServletRequest servletRequest,final ServletResponse servletResponse, final FilterChain chain)
throws ServletException, IOException {
Throwable t = null;
try {
final ServletRequest request = prepareServletRequest(servletRequest, servletResponse, chain);
final ServletResponse response = prepareServletResponse(request, servletResponse, chain);
final Subject subject = createSubject(request, response);
//noinspection unchecked
subject.execute(new Callable() {
public Object call() throws Exception {
updateSessionLastAccessTime(request, response);
executeChain(servletRequest, servletResponse, chain);
...
}
--
This message was sent by Atlassian JIRA
(v6.2#6252)