現象:
當cas 登錄人數較少時候沒有錯誤,但是用戶過多時候出現下列err
May-2016 18:09:11.932 SEVERE [http-nio-8080-exec-52] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [cas] in context with path [/dlcas-server] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot create a session after the response has been committed] with root cause
java.lang.IllegalStateException: Cannot create a session after the response has been committed
at org.apache.catalina.connector.Request.doGetSession(Request.java:2935)
at org.apache.catalina.connector.Request.getSession(Request.java:2305)
at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:895)
at org.springframework.webflow.context.servlet.HttpSessionMap.getMutex(HttpSessionMap.java:98)
at org.springframework.webflow.core.collection.LocalSharedAttributeMap.getMutex(LocalSharedAttributeMap.java:39)
at org.springframework.webflow.conversation.impl.ContainedConversation.unlock(ContainedConversation.java:108)
at org.springframework.webflow.execution.repository.support.ConversationBackedFlowExecutionLock.unlock(ConversationBackedFlowExecutionLock.java:55)
at
…………解決方法:
cas-servlet.xml 配置文件
<bean id="terminateWebSessionListener" class="org.jasig.cas.web.flow.TerminateWebSessionListener"
p:timeToDieInSeconds="這邊調大點,默認是2" />
原理
參考 http://www.mytju.com/classcode/news_readNews.asp?newsID=504
發現重新設置了SessionID,正常登錄時則不會設置。
懷疑是Session不存在了,導致后台重新創建Session,重新返回了login頁面。
找到org.jasig.cas.web.flow下的TerminateWebSessionListener.java,
這個類監聽sessionStarted和sessionEnded事件,
加log后執行,
發現,訪問login頁面時是session start,登錄成功后是session end,
也就是說,登錄動作執行后這個session就被咔嚓掉了~~~
喀嚓掉,是使用
webSession.setMaxInactiveInterval(this.timeToDieInSeconds);實現的。
默認值是2,也就是兩秒
private int timeToDieInSeconds = 2;
執行logout時,只是讓TGC無效,並沒有重新創建Session。