Hi, Brian.
finally, I got a chance to debug this. I tried to define the cookie name like
this:
DefaultWebSessionManager sessionManager = new
DefaultWebSessionManager();
SimpleCookie cookie = new SimpleCookie("NEWSALESSESSIONID");
cookie.setHttpOnly(true);
sessionManager.setSessionIdCookie(cookie);
and the issue is gone. but when I use chrome to tracking the url, I found a
strange things here:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding:gzip, deflate, br
Accept-Language:zh-CN,zh;q=0.9,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Cookie:JSESSIONID=5df3f96d-13c9-4ff7-9a61-0c0631d0232c.localhost;
NEWSALESSESSIONID=339c2067-d777-4104-a2da-816932be0443;
__utma=111872281.8308288.1511487186.1511487186.1511487186.1;
__utmb=111872281.10.8.1511487770754; __utmc=111872281;
__utmz=111872281.1511487186.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Host:localhost:8080
Pragma:no-cache
Referer:http://localhost:8080/new-sales/sales/show-price/62
so, look like there are two cookie on wildly. kind of I use shiro session
manager, and the wildly keep use it own cookie again.
so, I guess here’s the problem. I should disable wildly cookie function.
Mike
> 在 2017年11月13日,下午10:52,Brian Demers <[email protected]>
>
> The first block uses the DefaultWebSessionManager, the second uses
> ServletContainerSessionManager. This helps explain the difference you are
> seeing.
>
> That said, it sounds like there is a problem with Wildfly and the
> DefaultWebSessionManager. Any chance you have a dump of an example
> request/response (with http or curl) that shows this issue? (I've never
> really used Wildfly, so this is just a guess)
>
> On Sun, Nov 12, 2017 at 10:52 PM, Mike Guo <[email protected]
> <mailto:[email protected]>> wrote:
> Hi, All.
>
> is there anyone can help me about the session issue when I used shiro in
> Wildfly?
>
> I configured shiro use shiro session(not http session in web container), it
> work prefect when I deployed it into tomcat. but after I move my project to
> wildly. I found the login function work ok. after I input password and
> username, it login success and show me the page after login, but when I try
> to click the other link, it will be jump to login page again. seem to the
> session didn’t keep it.
>
> the original shiro configuration like this:
>
> @Bean
> public DefaultWebSecurityManager securityManager() {
>
>
> DefaultWebSessionManager sessionManager = new
> DefaultWebSessionManager();
> sessionManager.setGlobalSessionTimeout(60*60*1000);
>
> DefaultWebSecurityManager securityManager = new
> DefaultWebSecurityManager();
> securityManager.setRealm(myRealm());
> securityManager.setSessionManager(sessionManager);
>
>
> return securityManager;
>
> }
>
> it always have this issue.
>
> after I change it to :
>
> @Bean
> public DefaultWebSecurityManager securityManager() {
>
>
>
> DefaultWebSecurityManager securityManager = new
> DefaultWebSecurityManager();
> securityManager.setRealm(myRealm());
> return securityManager;
>
> }
>
>
> it work again.
>
>
> sound like the shiro session have some issues.
>
>
> anyone can help me a little tips?
>
> thanks
>
>
> Mike
>
>
>
