Acegi中Session并发和RememberMe冲突问题解决方法

这个问题着实让我费了好大功夫,本来想放弃Rememberme功能了,后来在邮件列表中发现了解决之道,特此贴出来为大家共享.

<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
        <property name="context">
            <value>org.acegisecurity.context.SecurityContextImpl<!---->value>
        <!---->property>
        <property name="forceEagerSessionCreation" value="true"/>
<!---->bean>

注意:<property name="forceEagerSessionCreation" value="true"/>这里添加了这个属性,并且设置为true;

邮件列表地址:http://opensource.atlassian.com/projects/spring/browse/SEC-183

贴出原文给大家分享一下:
HttpSessionContextIntegrationFilter now provides an forceEagerSessionCreation property (defaults to false). If set to true, it will cause a HttpSession to be created at the commencement of each web request. When the authentication mechanisms later run, they will use the constructor of WebAuthenticationDetails which does not force a HttpSession to be created, thus extracting a Session ID if the session was already available (either through normal creation operations or the forceEagerSessionCreation property) or leaving the Session ID as null if no HttpSession was available.

The anonymous and remember-me authentication mechanisms have been amended to not force session creation. Those using concurrent session support with either (or both) of these authentication mechanisms will be required to set HttpSessionContextIntegrationFilter.forceEagerSessionCreation = true.

注:在acegi的1.0.3和1.0.4版本中测试通过

评论

2 楼 manu82gf 2007-09-19  

RememberMe和Session并发控制能够达到什么样的效果？

1 楼 westlwt 2007-08-02  

什么意思，之前是什么状况？这个有什么用？