Hi,
I am trying to develop a Web Application on Apache Tomcat with Apache Shiro
1.2.3 as security layer. I am using Shiro native sessions with EhCache to
enable session persistence across Tomcat restart. Here is my shiro.ini
session management section.
#############################################################
sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionIdGenerator =
org.apache.shiro.session.mgt.eis.JavaUuidSessionIdGenerator
sessionDAO.sessionIdGenerator = $sessionIdGenerator
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
sessionManager.sessionDAO = $sessionDAO
sessionManager.globalSessionTimeout = 1800000
sessionValidationScheduler =
org.apache.shiro.session.mgt.ExecutorServiceSessionValidationScheduler
sessionValidationScheduler.interval = 3600000
sessionManager.sessionValidationScheduler = $sessionValidationScheduler
sessionListener = com.akvk.web.TestSessionListener
sessionManager.sessionListeners = $sessionListener
securityManager.sessionManager = $sessionManager
cacheManager = org.apache.shiro.cache.ehcache.EhCacheManager
securityManager.cacheManager = $cacheManager
########################################################################
But I see random UnknownSessionException in Tomcat logs which sometimes
affects page load leaving the page blank, incomplete or redirecting to login
page. A simple refresh of the page resolves the issue. If I change the
sessionDAO to MemorySessionDAO then there is no problem but I cannot use
session persistence with this.
On further looking into Shiro code I find that doReadSession method in
EnterpriseCacheSessionDAO always returns null which could be causing
AbstractSessionDAO to throw the exception. But the comment in
EnterpriseCacheSessionDAO tells that it has been purposefully written to
return null because it never gets called. But I did not find the parent
class CachingSessionDAO implement doReadSession method. Below is the code
from EnterpriseCacheSessionDAO.
protected Session doReadSession(Serializable sessionId) {
return null; //should never execute because this implementation
relies on parent class to access cache, which
//is where all sessions reside - it is the cache implementation that
determines if the
//cache is memory only or disk-persistent, etc.
}
I know I am doing something wrong because the UnknownSessionException comes
up randomly and not for all requests. I tried solutions mentioned in other
threads but did not help me. Should I simply use Tomcat's session management
or is there any fix/workaround available for this?
Thanks.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/UnknownSessionException-with-EnterpriseCacheSessionDAO-tp7580684.html
Sent from the Shiro User mailing list archive at Nabble.com.
