You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by niels <op...@gmail.com> on 2014/09/17 16:32:29 UTC
;JSESSIONID= in URL
Hi ,
I'm trying shiro as an replacement of spring securiy. I configured it with
spring java-config for an web-app.
Most parts work fine, except the following:
At login I get a sessionId as
paramter /login;JSESSIONID=b1cffc7e-8643-4692-96c7-33053f9e6acd. Any idea
how I could avoid it? It only happens for login.
I'm using
final DefaultWebSessionManager sessionManager =
new DefaultWebSessionManager();
sessionManager.setSessionIdCookieEnabled(true);
Best regards
Niels
Re: ;JSESSIONID= in URL
Posted by Nagaraju Kurma <na...@enhancesys.com>.
Hello Team,
After digging it into low level finally confirmed that the following
configuration will not read the session configuration done in web.xml
*<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> *
*</bean>*
*<session-config> <tracking-mode>COOKIE</tracking-mode>
</session-config>*
If i replace *ServletContainerSessionManager* the above
*DefaultWebSessionManager *then the following configuration got effected.
*<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.*
*ServletContainerSessionManager* *"> **</bean>*
*<session-config>*
* <tracking-mode>COOKIE</tracking-mode>*
* </session-config>*
On Wed, Sep 17, 2014 at 9:52 PM, niels <op...@gmail.com> wrote:
> Thanks for the hint. I didn't found it via google. But I still think it
> would
> be good if shiro address this issue by providing a filter.
> However I'm unsure if it's a good idea to disable url-encoding :-/ but it's
> a workaround.
>
> The reason, why I think it's shiro issue, is the following:
> - My app without security never has a session-id in the url.
> - My app with spring security never has a session-idin the url.
> - My app with shiro has the session-id in the url.
>
> I hope you can see the point. And I'm still not understand why the behavior
> change.
>
> Regards
> Niels
>
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/JSESSIONID-in-URL-tp7580232p7580235.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>
--
Thanks & Regards
Nagaraju Kurma
Re: ;JSESSIONID= in URL
Posted by niels <op...@gmail.com>.
Thanks for the hint. I didn't found it via google. But I still think it would
be good if shiro address this issue by providing a filter.
However I'm unsure if it's a good idea to disable url-encoding :-/ but it's
a workaround.
The reason, why I think it's shiro issue, is the following:
- My app without security never has a session-id in the url.
- My app with spring security never has a session-idin the url.
- My app with shiro has the session-id in the url.
I hope you can see the point. And I'm still not understand why the behavior
change.
Regards
Niels
--
View this message in context: http://shiro-user.582556.n2.nabble.com/JSESSIONID-in-URL-tp7580232p7580235.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: ;JSESSIONID= in URL
Posted by Dominic Farr <do...@gmail.com>.
this isn't a shiro issue per se, see.
http://stackoverflow.com/questions/11327631/remove-jsessionid-from-url
On 17 September 2014 15:32, niels <op...@gmail.com> wrote:
> Hi ,
>
> I'm trying shiro as an replacement of spring securiy. I configured it
> with spring java-config for an web-app.
> Most parts work fine, except the following:
>
> At login I get a sessionId as
> paramter /login;JSESSIONID=b1cffc7e-8643-4692-96c7-33053f9e6acd. Any idea
> how I could avoid it? It only happens for login.
>
> I'm using
> final DefaultWebSessionManager sessionManager =
> new DefaultWebSessionManager();
> sessionManager.setSessionIdCookieEnabled(true);
>
>
> Best regards
> Niels
>
>
>