吴开强 created SHIRO-489:
-------------------------
Summary: can not get session on sina app engine
Key: SHIRO-489
URL: https://issues.apache.org/jira/browse/SHIRO-489
Project: Shiro
Issue Type: Bug
Components: Web, Web Site
Affects Versions: 1.2.3
Environment: sina app engine
Reporter: 吴开强
org.apache.shiro.web.servlet.AbstractShiroFilter
...
protected void doFilterInternal(ServletRequest servletRequest, ServletResponse
servletResponse, final FilterChain chain)
throws ServletException, IOException {
...
final ServletRequest request =
prepareServletRequest(servletRequest, servletResponse, chain);
final ServletResponse response = prepareServletResponse(request,
servletResponse, chain);
final Subject subject = createSubject(request, response);
//noinspection unchecked
subject.execute(new Callable() {
public Object call() throws Exception {
updateSessionLastAccessTime(request, response);
executeChain(request, response, chain);
...
}
executeChain(request, response, chain) would not use request instance,this is
a ShiroHttpServletRequest instance and override getSession() method,and then
any other place(servlet container or other filter) use this request will
something unexpected will happen.for example:session.getId() is null in jsp,and
login status can not be holded,I think this method should like this:
protected void doFilterInternal(final ServletRequest servletRequest,final
ServletResponse servletResponse, final FilterChain chain)
throws ServletException, IOException {
Throwable t = null;
try {
final ServletRequest request =
prepareServletRequest(servletRequest, servletResponse, chain);
final ServletResponse response = prepareServletResponse(request,
servletResponse, chain);
final Subject subject = createSubject(request, response);
//noinspection unchecked
subject.execute(new Callable() {
public Object call() throws Exception {
updateSessionLastAccessTime(request, response);
executeChain(servletRequest, servletResponse, chain);
...
}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
