Concurrent refresh Problem

2026-05-14 12:32:09 +08:00 · 2022-07-03 18:49:39 +08:00
parent 8aac7a7bb5
commit e73832d570
3 changed files with 8 additions and 7 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java
@@ -124,9 +124,12 @@ public class AuthJwtService {
 				JWTClaimsSet claims = resolve(authToken);
 				boolean isExpiration = claims.getExpirationTime().after(DateTime.now().toDate());
 				boolean isVerify = hmac512Service.verify(authToken);
-				_logger.debug("JWT Validate {} , Verify {} , now {} , ExpirationTime {} , isExpiration : {}" , 
-						isVerify && isExpiration,isVerify,DateTime.now().toDate(),claims.getExpirationTime(),isExpiration);
-
+				_logger.debug("JWT Validate {} " , isVerify && isExpiration);
+				
+				if(!(isVerify && isExpiration)) {
+					_logger.debug("HMAC Verify {} , now {} , ExpirationTime {} , is not Expiration : {}" , 
+						isVerify,DateTime.now().toDate(),claims.getExpirationTime(),isExpiration);
+				}
 				return isVerify && isExpiration;
 			}
 		} catch (ParseException e) {
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java
@@ -76,8 +76,7 @@ public class InMemorySessionManager implements SessionManager{
        if(session != null) {
        	_logger.debug("refresh session Id {} at refreshTime {}",sessionId,refreshTime);
 	        session.setLastAccessTime(refreshTime);
-	        //invalidate sessionId then renew one
-	        sessionStore.invalidate(sessionId);
+	        //put new session
 	        create(sessionId , session);
        }
        return session;
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManagerFactory.java
@@ -109,8 +109,7 @@ public class SessionManagerFactory implements SessionManager{
 		Session session = null;
 		if(isRedis) {
 			session = redisSessionManager.refresh(sessionId,refreshTime);
-			//renew one
-			inMemorySessionManager.remove(sessionId);
+			//renew one in Memory
 			inMemorySessionManager.create(sessionId, session);
 		}else {
 			session = inMemorySessionManager.refresh(sessionId,refreshTime);