CAS-ERR Cannot create a session after the response has been committed
现象:
当cas 登录人数较少时候没有错误,但是用户过多时候出现下列err
May-2016 18:09:11.932 SEVERE [http-nio-8080-exec-52] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [cas] in context with path [/dlcas-server] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot create a session after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2935)
at org.apache.catalina.connector.Request.getSession(Request.java:2305)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:895)
at org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
at org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
at org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
at org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
at
…………
解决方法:
cas-servlet.xml 配置文件
<bean id="terminateWebSessionListener" class="org.jasig.cas.web.flow.TerminateWebSessionListener"
p:timeToDieInSeconds="这边调大点,默认是2" />
原理
参考 http://www.mytju.com/classcode/news_readNews.asp?newsID=504
发现重新设置了SessionID,正常登录时则不会设置。
怀疑是Session不存在了,导致后台重新创建Session,重新返回了login页面。
找到org.jasig.cas.web.flow下的TerminateWebSessionListener.java,
这个类监听sessionStarted和sessionEnded事件,
加log后执行,
发现,访问login页面时是session start,登录成功后是session end,
也就是说,登录动作执行后这个session就被咔嚓掉了~~~
喀嚓掉,是使用
webSession.setMaxInactiveInterval(this.timeToDieInSeconds);实现的。
默认值是2,也就是两秒
private int timeToDieInSeconds = 2;
执行logout时,只是让TGC无效,并没有重新创建Session。