Пример #1
0
 @Override
 protected Serializable getSessionId(ServletRequest request, ServletResponse response) {
   // 如果参数中包含“__sid”参数,则使用此sid会话。 例如:http://localhost/project?__sid=xxx&__cookie=true
   String sid = request.getParameter("__sid");
   if (StringUtils.isNotBlank(sid)) {
     // 是否将sid保存到cookie,浏览器模式下使用此参数。
     if (WebUtils.isTrue(request, "__cookie")) {
       HttpServletRequest rq = (HttpServletRequest) request;
       HttpServletResponse rs = (HttpServletResponse) response;
       Cookie template = getSessionIdCookie();
       Cookie cookie = new SimpleCookie(template);
       cookie.setValue(sid);
       cookie.saveTo(rq, rs);
     }
     // 设置当前session状态
     request.setAttribute(
         ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
         ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); // session来源与url
     request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, sid);
     request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
     return sid;
   } else {
     return super.getSessionId(request, response);
   }
 }
 private void storeSessionId(
     Serializable currentId, HttpServletRequest request, HttpServletResponse response) {
   if (currentId == null) {
     String msg = "sessionId cannot be null when persisting for subsequent requests.";
     throw new IllegalArgumentException(msg);
   }
   Cookie template = getSessionIdCookie();
   Cookie cookie = new SimpleCookie(template);
   String idString = currentId.toString();
   cookie.setValue(idString);
   cookie.saveTo(request, response);
   log.trace("Set session ID cookie for session with id {}", idString);
 }
 public ShiroWebSessionManager() {
   Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
   cookie.setHttpOnly(true); // more secure, protects against XSS attacks
   this.sessionIdCookie = cookie;
   this.sessionIdCookieEnabled = true;
 }