I have a situation where the SessionManager expires my session after just 2 - 3 
minutes of inactivity, despite having set a generous global timeout of 8 hours. 
Using Spring, here's a brief overview of how I'm configured.

<bean id="shiroSessionDao"
      class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO" />

<bean id="shiroSessionManager"
      class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
    <property name="sessionDAO" ref="shiroSessionDao" />
    <property name="globalSessionTimeout" value="28800000" />
</bean>

I then set the bean above to the securityManager's sessionManager.

So long as I click through my web application, my session stays current and all 
is well. However, after about 2 - 3 minutes of idle time, my session is expired 
and Shiro attempts to create a new one. It finds the JSESSIONID cookie but 
identifies the session as invalid:

10:28:23,311 DEBUG SimpleCookie:366 - Found 'JSESSIONID' cookie value [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
10:28:23,312 DEBUG Segment:707 - remove deleted 0 from heap
10:28:23,313 DEBUG Segment:711 - remove deleted 0 from disk
10:28:23,313 DEBUG DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.

Can anyone offer me any advice or suggest something to start looking at?  My 
ehcache xml and the full exception details are below.

Thank you!

Mike


EHCACHE XML:
<cache name="shiro-activeSessionCache"
       maxElementsInMemory="10000"
       eternal="true"
       timeToLiveSeconds="0"
       timeToIdleSeconds="0"
       diskPersistent="false"
       overflowToDisk="true"
       diskExpiryThreadIntervalSeconds="600">
</cache>

EXCEPTION:
10:28:23,311 DEBUG SimpleCookie:366 - Found 'JSESSIONID' cookie value [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
10:28:23,312 DEBUG Segment:707 - remove deleted 0 from heap
10:28:23,313 DEBUG Segment:711 - remove deleted 0 from disk
10:28:23,313 DEBUG DefaultSecurityManager:447 - Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous (session-less) Subject instance.
org.apache.shiro.session.UnknownSessionException: There is no session with id [c10d7012-cc1c-4ca9-bf3e-4ce69dd1c266]
    at org.apache.shiro.session.mgt.eis.AbstractSessionDAO.readSession(AbstractSessionDAO.java:170)
    at org.apache.shiro.session.mgt.eis.CachingSessionDAO.readSession(CachingSessionDAO.java:261)
    at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSessionFromDataSource(DefaultSessionManager.java:236)
    at org.apache.shiro.session.mgt.DefaultSessionManager.retrieveSession(DefaultSessionManager.java:222)
    at org.apache.shiro.session.mgt.AbstractValidatingSessionManager.doGetSession(AbstractValidatingSessionManager.java:118)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.lookupSession(AbstractNativeSessionManager.java:108)
    at org.apache.shiro.session.mgt.AbstractNativeSessionManager.getSession(AbstractNativeSessionManager.java:100)
    at org.apache.shiro.mgt.SessionsSecurityManager.getSession(SessionsSecurityManager.java:125)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveContextSession(DefaultSecurityManager.java:456)
    at org.apache.shiro.mgt.DefaultSecurityManager.resolveSession(DefaultSecurityManager.java:442)
    at org.apache.shiro.mgt.DefaultSecurityManager.createSubject(DefaultSecurityManager.java:338)
    at org.apache.shiro.subject.Subject$Builder.buildSubject(Subject.java:846)
    at org.apache.shiro.web.subject.WebSubject$Builder.buildWebSubject(WebSubject.java:148)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.createSubject(AbstractShiroFilter.java:292)
    at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:359)
    at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:928)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:539)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:298)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
