CAS-ERR Cannot create a session after the response has been committed

现象:

当cas 登录人数较少时候没有错误,但是用户过多时候出现下列err
May-2016 18:09:11.932 SEVERE [http-nio-8080-exec-52] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [cas] in context with path [/dlcas-server] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot create a session after the response has been committed] with root cause
 java.lang.IllegalStateException: Cannot create a session after the response has been committed
    at org.apache.catalina.connector.Request.doGetSession(Request.java:2935)
    at org.apache.catalina.connector.Request.getSession(Request.java:2305)
    at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:895)
    at org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
    at org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
    at org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
    at org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
    at 
    …………

解决方法:

cas-servlet.xml 配置文件

<bean id="terminateWebSessionListener" class="org.jasig.cas.web.flow.TerminateWebSessionListener"
p:timeToDieInSeconds="这边调大点,默认是2" />

原理

参考 http://www.mytju.com/classcode/news_readNews.asp?newsID=504

发现重新设置了SessionID,正常登录时则不会设置。

怀疑是Session不存在了,导致后台重新创建Session,重新返回了login页面。

找到org.jasig.cas.web.flow下的TerminateWebSessionListener.java,
这个类监听sessionStarted和sessionEnded事件,

加log后执行,

发现,访问login页面时是session start,登录成功后是session end,

也就是说,登录动作执行后这个session就被咔嚓掉了~~~

喀嚓掉,是使用
webSession.setMaxInactiveInterval(this.timeToDieInSeconds);实现的。

默认值是2,也就是两秒
private int timeToDieInSeconds = 2;

执行logout时,只是让TGC无效,并没有重新创建Session。

posted @ 2016-06-03 10:43  挨踢人啊  阅读(2155)  评论(1编辑  收藏  举报