[
https://issues.apache.org/jira/browse/SHIRO-489?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Marwell updated SHIRO-489:
-----------------------------------
Component/s: (was: Web Site)
> can not get session on sina app engine
> --------------------------------------
>
> Key: SHIRO-489
> URL: https://issues.apache.org/jira/browse/SHIRO-489
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.2.3
> Environment: sina app engine
> Reporter: 吴开强
> Priority: Major
>
> org.apache.shiro.web.servlet.AbstractShiroFilter
> ...
> protected void doFilterInternal(ServletRequest servletRequest,
> ServletResponse servletResponse, final FilterChain chain)
> throws ServletException, IOException {
> ...
> final ServletRequest request =
> prepareServletRequest(servletRequest, servletResponse, chain);
> final ServletResponse response = prepareServletResponse(request,
> servletResponse, chain);
> final Subject subject = createSubject(request, response);
> //noinspection unchecked
> subject.execute(new Callable() {
> public Object call() throws Exception {
> updateSessionLastAccessTime(request, response);
> executeChain(request, response, chain);
> ...
> }
> executeChain(request, response, chain) would not use request instance,this
> is a ShiroHttpServletRequest instance and override getSession() method,and
> then any other place(servlet container or other filter) use this request will
> something unexpected will happen.for example:session.getId() is null in
> jsp,and login status can not be holded,I think this method should like this:
> protected void doFilterInternal(final ServletRequest servletRequest,final
> ServletResponse servletResponse, final FilterChain chain)
> throws ServletException, IOException {
> Throwable t = null;
> try {
> final ServletRequest request =
> prepareServletRequest(servletRequest, servletResponse, chain);
> final ServletResponse response = prepareServletResponse(request,
> servletResponse, chain);
> final Subject subject = createSubject(request, response);
> //noinspection unchecked
> subject.execute(new Callable() {
> public Object call() throws Exception {
> updateSessionLastAccessTime(request, response);
> executeChain(servletRequest, servletResponse, chain);
> ...
> }
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]