DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

RE: DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

I didn't exactly figure it out, but implemented a work around.  I confirmed that cookies were being set as expected so implemented a urlrewrite filter.  It's by no means a fix, but it's letting me carry on with my development so I can circle back around after I make some progress.  All signs appear to point to a configuration issue with Tomcat and/or Eclipse, so I figured I would work around this for now and take the issue off this list.  I'm glad to know this mystery has afflicted others.  I was ready to turn in my programming badge and have myself declared insane!

From: Josh Berry [mailto:taeric@gmail.com]
Sent: Thursday, October 24, 2013 8:22 AM
To: user@shiro.apache.org
Subject: Re: DefaultWebSessionManager

You ever get this figured out?  I don't personally use Eclipse, but I know I coworker had to do a full "clean" and republish a few times to get changes to stick.  I believe that was mostly because Eclipse had a hard time working with the maven build, though.

I can say that I had this problem before I upgraded to tomcat7 and made the suggested change to the web.xml.  As you note, it seemed to only happen on the initial authentication (for me, it would only happen on the selenium tests).

On Tue, Oct 22, 2013 at 4:34 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
I'm running Tomcat within Eclipse as opposed to deploying via a Maven goal.  I wiped the temp and work directories of Tomcat only to find that it's still happening.  What I discovered, however, is that it only appends the ;JSESSIONID= upon initial authentication.  This gives me something to work with, but I'm still baffled as to why it happens.  Based on what I'm seeing in the logs, the JSESSIONID cookie is being created and read successfully, so I'm confused.  It simply shouldn't be doing that.

From: Josh Berry [mailto:taeric@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 12:22 PM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

How are you running this?  I had problems with that happening, as well.  For me adding that config worked.  Maybe try to completely wipe out the temp and work directories of tomcat.  I've found that it can be rather aggressive in saving work it did in the past.
For what its worth, I'm also using tomcat7.  Specifically with the `mvn tomcat7:run` goal.

On Tue, Oct 22, 2013 at 3:00 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
Josh, I am using the 3.0 namespace declaration in web.xml.

From: Josh Berry [mailto:taeric@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 11:50 AM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

Make sure you are using version "3.0" of the web.xml namespace.  Not sure that tag gets used if you are using the older servlet specification.

On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
I'm using Tomcat 7.

From: M.C. Wilson [mailto:nijhazer@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 10:40 AM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty.

On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us>> wrote:

Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.

On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:

Interestingly, I tried that already and it didn't change anything.  I'm led to believe that Shiro is somehow overriding this.

From: Lenny Primak [mailto:lprimak@<mailto:lprimak@>hope.nyc.ny.us<http://hope.nyc.ny.us>]
Sent: Tuesday, October 22, 2013 10:32 AM
To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:

In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

Re: DefaultWebSessionManager

[Josh Berry <ta...@gmail.com>]

You ever get this figured out?  I don't personally use Eclipse, but I know
I coworker had to do a full "clean" and republish a few times to get
changes to stick.  I believe that was mostly because Eclipse had a hard
time working with the maven build, though.

I can say that I had this problem before I upgraded to tomcat7 and made the
suggested change to the web.xml.  As you note, it seemed to only happen on
the initial authentication (for me, it would only happen on the selenium
tests).


On Tue, Oct 22, 2013 at 4:34 PM, Michael Chandler <
Michael.Chandler@onassignment.com> wrote:

>  I’m running Tomcat within Eclipse as opposed to deploying via a Maven
> goal.  I wiped the temp and work directories of Tomcat only to find that
> it’s still happening.  What I discovered, however, is that it only appends
> the ;JSESSIONID= upon initial authentication.  This gives me something to
> work with, but I’m still baffled as to why it happens.  Based on what I’m
> seeing in the logs, the JSESSIONID cookie is being created and read
> successfully, so I’m confused.  It simply shouldn’t be doing that.****
>
> ** **
>
> *From:* Josh Berry [mailto:taeric@gmail.com]
> *Sent:* Tuesday, October 22, 2013 12:22 PM
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ** **
>
> How are you running this?  I had problems with that happening, as well.
> For me adding that config worked.  Maybe try to completely wipe out the
> temp and work directories of tomcat.  I've found that it can be rather
> aggressive in saving work it did in the past.****
>
> For what its worth, I'm also using tomcat7.  Specifically with the `mvn
> tomcat7:run` goal.****
>
> ** **
>
> On Tue, Oct 22, 2013 at 3:00 PM, Michael Chandler <
> Michael.Chandler@onassignment.com> wrote:****
>
> Josh, I am using the 3.0 namespace declaration in web.xml.****
>
>  ****
>
> *From:* Josh Berry [mailto:taeric@gmail.com]
> *Sent:* Tuesday, October 22, 2013 11:50 AM****
>
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> Make sure you are using version "3.0" of the web.xml namespace.  Not sure
> that tag gets used if you are using the older servlet specification.****
>
>  ****
>
> On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <
> Michael.Chandler@onassignment.com> wrote:****
>
> I’m using Tomcat 7.****
>
>  ****
>
> *From:* M.C. Wilson [mailto:nijhazer@gmail.com]
> *Sent:* Tuesday, October 22, 2013 10:40 AM****
>
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> Mr. Chandler, which container are you using in this example? I've seen
> this same thing when using Jetty.****
>
>  ****
>
> On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:
> ****
>
>  ****
>
> Sounds more like something else in your web container setup is overriding
> this.  I don't think there is an API to even do that.****
>
>  ****
>
> On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:****
>
>  ****
>
> Interestingly, I tried that already and it didn’t change anything.  I’m
> led to believe that Shiro is somehow overriding this.****
>
>  ****
>
> *From:* Lenny Primak [mailto:lprimak@hope.nyc.ny.us]
> *Sent:* Tuesday, October 22, 2013 10:32 AM
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> add this to your web.xml:****
>
>  ****
>
>     <session-config>****
>
>         <session-timeout>120</session-timeout>****
>
>         <tracking-mode>COOKIE</tracking-mode>****
>
>     </session-config>****
>
>  ****
>
>  ****
>
> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:****
>
> ** **
>
> In using the DefaultWebSessionManager, I’m finding that Shiro is appending
> “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was
> the default.  The DefaultWebSessionManager constructor appears to set
> sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m
> still seeing the JSESSIONID value in the query string, which is having a
> poor effect on my Spring MVC mappings.****
>
>  ****
>
> Does anyone have any advice on how to get around this problem?  Ideally, I
> would prefer to use cookies.****
>
>  ****
>
> Mike****
>
>  ****
>
>
> The information transmitted, including attachments, is intended only for
> the person or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this e-mail in error, please notify the sender immediately by
> replying to the message and deleting the material from your computer.****
>
>  ****
>
>  ****
>
>  ****
>
>  ****
>
> ** **
>

RE: DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

I'm running Tomcat within Eclipse as opposed to deploying via a Maven goal.  I wiped the temp and work directories of Tomcat only to find that it's still happening.  What I discovered, however, is that it only appends the ;JSESSIONID= upon initial authentication.  This gives me something to work with, but I'm still baffled as to why it happens.  Based on what I'm seeing in the logs, the JSESSIONID cookie is being created and read successfully, so I'm confused.  It simply shouldn't be doing that.

From: Josh Berry [mailto:taeric@gmail.com]
Sent: Tuesday, October 22, 2013 12:22 PM
To: user@shiro.apache.org
Subject: Re: DefaultWebSessionManager

How are you running this?  I had problems with that happening, as well.  For me adding that config worked.  Maybe try to completely wipe out the temp and work directories of tomcat.  I've found that it can be rather aggressive in saving work it did in the past.
For what its worth, I'm also using tomcat7.  Specifically with the `mvn tomcat7:run` goal.

On Tue, Oct 22, 2013 at 3:00 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
Josh, I am using the 3.0 namespace declaration in web.xml.

From: Josh Berry [mailto:taeric@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 11:50 AM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

Make sure you are using version "3.0" of the web.xml namespace.  Not sure that tag gets used if you are using the older servlet specification.

On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
I'm using Tomcat 7.

From: M.C. Wilson [mailto:nijhazer@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 10:40 AM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty.

On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us>> wrote:

Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.

On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:

Interestingly, I tried that already and it didn't change anything.  I'm led to believe that Shiro is somehow overriding this.

From: Lenny Primak [mailto:lprimak@<mailto:lprimak@>hope.nyc.ny.us<http://hope.nyc.ny.us>]
Sent: Tuesday, October 22, 2013 10:32 AM
To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:

In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

Re: DefaultWebSessionManager

[Josh Berry <ta...@gmail.com>]

How are you running this?  I had problems with that happening, as well.
For me adding that config worked.  Maybe try to completely wipe out the
temp and work directories of tomcat.  I've found that it can be rather
aggressive in saving work it did in the past.

For what its worth, I'm also using tomcat7.  Specifically with the `mvn
tomcat7:run` goal.


On Tue, Oct 22, 2013 at 3:00 PM, Michael Chandler <
Michael.Chandler@onassignment.com> wrote:

>  Josh, I am using the 3.0 namespace declaration in web.xml.****
>
> ** **
>
> *From:* Josh Berry [mailto:taeric@gmail.com]
> *Sent:* Tuesday, October 22, 2013 11:50 AM
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ** **
>
> Make sure you are using version "3.0" of the web.xml namespace.  Not sure
> that tag gets used if you are using the older servlet specification.****
>
> ** **
>
> On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <
> Michael.Chandler@onassignment.com> wrote:****
>
> I’m using Tomcat 7.****
>
>  ****
>
> *From:* M.C. Wilson [mailto:nijhazer@gmail.com]
> *Sent:* Tuesday, October 22, 2013 10:40 AM****
>
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> Mr. Chandler, which container are you using in this example? I've seen
> this same thing when using Jetty.****
>
>  ****
>
> On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:
> ****
>
> ** **
>
> Sounds more like something else in your web container setup is overriding
> this.  I don't think there is an API to even do that.****
>
>  ****
>
> On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:****
>
> ** **
>
> Interestingly, I tried that already and it didn’t change anything.  I’m
> led to believe that Shiro is somehow overriding this.****
>
>  ****
>
> *From:* Lenny Primak [mailto:lprimak@hope.nyc.ny.us]
> *Sent:* Tuesday, October 22, 2013 10:32 AM
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> add this to your web.xml:****
>
>  ****
>
>     <session-config>****
>
>         <session-timeout>120</session-timeout>****
>
>         <tracking-mode>COOKIE</tracking-mode>****
>
>     </session-config>****
>
>  ****
>
>  ****
>
> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:****
>
>
>
> ****
>
> In using the DefaultWebSessionManager, I’m finding that Shiro is appending
> “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was
> the default.  The DefaultWebSessionManager constructor appears to set
> sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m
> still seeing the JSESSIONID value in the query string, which is having a
> poor effect on my Spring MVC mappings.****
>
>  ****
>
> Does anyone have any advice on how to get around this problem?  Ideally, I
> would prefer to use cookies.****
>
>  ****
>
> Mike****
>
>  ****
>
>
> The information transmitted, including attachments, is intended only for
> the person or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this e-mail in error, please notify the sender immediately by
> replying to the message and deleting the material from your computer.****
>
>  ****
>
>  ****
>
>  ****
>
> ** **
>

RE: DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

Josh, I am using the 3.0 namespace declaration in web.xml.

From: Josh Berry [mailto:taeric@gmail.com]
Sent: Tuesday, October 22, 2013 11:50 AM
To: user@shiro.apache.org
Subject: Re: DefaultWebSessionManager

Make sure you are using version "3.0" of the web.xml namespace.  Not sure that tag gets used if you are using the older servlet specification.

On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <Mi...@onassignment.com>> wrote:
I'm using Tomcat 7.

From: M.C. Wilson [mailto:nijhazer@gmail.com<ma...@gmail.com>]
Sent: Tuesday, October 22, 2013 10:40 AM

To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty.

On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us>> wrote:

Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.

On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:

Interestingly, I tried that already and it didn't change anything.  I'm led to believe that Shiro is somehow overriding this.

From: Lenny Primak [mailto:lprimak@<mailto:lprimak@>hope.nyc.ny.us<http://hope.nyc.ny.us>]
Sent: Tuesday, October 22, 2013 10:32 AM
To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:


In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

Re: DefaultWebSessionManager

[Josh Berry <ta...@gmail.com>]

Make sure you are using version "3.0" of the web.xml namespace.  Not sure
that tag gets used if you are using the older servlet specification.


On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <
Michael.Chandler@onassignment.com> wrote:

>  I’m using Tomcat 7.****
>
> ** **
>
> *From:* M.C. Wilson [mailto:nijhazer@gmail.com]
> *Sent:* Tuesday, October 22, 2013 10:40 AM
>
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ** **
>
> Mr. Chandler, which container are you using in this example? I've seen
> this same thing when using Jetty.****
>
> ** **
>
> On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:
> ****
>
>
>
> ****
>
> Sounds more like something else in your web container setup is overriding
> this.  I don't think there is an API to even do that.****
>
> ** **
>
> On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:****
>
>
>
> ****
>
> Interestingly, I tried that already and it didn’t change anything.  I’m
> led to believe that Shiro is somehow overriding this.****
>
>  ****
>
> *From:* Lenny Primak [mailto:lprimak@hope.nyc.ny.us]
> *Sent:* Tuesday, October 22, 2013 10:32 AM
> *To:* user@shiro.apache.org
> *Subject:* Re: DefaultWebSessionManager****
>
>  ****
>
> add this to your web.xml:****
>
>  ****
>
>     <session-config>****
>
>         <session-timeout>120</session-timeout>****
>
>         <tracking-mode>COOKIE</tracking-mode>****
>
>     </session-config>****
>
>  ****
>
>  ****
>
> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:****
>
>
>
>
> ****
>
> In using the DefaultWebSessionManager, I’m finding that Shiro is appending
> “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was
> the default.  The DefaultWebSessionManager constructor appears to set
> sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m
> still seeing the JSESSIONID value in the query string, which is having a
> poor effect on my Spring MVC mappings.****
>
>  ****
>
> Does anyone have any advice on how to get around this problem?  Ideally, I
> would prefer to use cookies.****
>
>  ****
>
> Mike****
>
>  ****
>
>
> The information transmitted, including attachments, is intended only for
> the person or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, retransmission, dissemination or
> other use of, or taking of any action in reliance upon this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this e-mail in error, please notify the sender immediately by
> replying to the message and deleting the material from your computer.****
>
>  ****
>
> ** **
>
> ** **
>

RE: DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

I'm using Tomcat 7.

From: M.C. Wilson [mailto:nijhazer@gmail.com]
Sent: Tuesday, October 22, 2013 10:40 AM
To: user@shiro.apache.org
Subject: Re: DefaultWebSessionManager

Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty.

On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us>> wrote:


Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.

On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:


Interestingly, I tried that already and it didn't change anything.  I'm led to believe that Shiro is somehow overriding this.

From: Lenny Primak [mailto:lprimak@hope.nyc.ny.us<http://hope.nyc.ny.us>]
Sent: Tuesday, October 22, 2013 10:32 AM
To: user@shiro.apache.org<ma...@shiro.apache.org>
Subject: Re: DefaultWebSessionManager

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:



In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

Re: DefaultWebSessionManager

["M.C. Wilson" <ni...@gmail.com>]

Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty.

On Oct 22, 2013, at 10:37 AM, Lenny Primak <lp...@hope.nyc.ny.us> wrote:

> Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.
> 
> On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:
> 
>> Interestingly, I tried that already and it didn’t change anything.  I’m led to believe that Shiro is somehow overriding this.
>>  
>> From: Lenny Primak [mailto:lprimak@hope.nyc.ny.us] 
>> Sent: Tuesday, October 22, 2013 10:32 AM
>> To: user@shiro.apache.org
>> Subject: Re: DefaultWebSessionManager
>>  
>> add this to your web.xml:
>>  
>>     <session-config>
>>         <session-timeout>120</session-timeout>
>>         <tracking-mode>COOKIE</tracking-mode>
>>     </session-config>
>>  
>>  
>> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:
>> 
>> 
>> In using the DefaultWebSessionManager, I’m finding that Shiro is appending “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.
>>  
>> Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.
>>  
>> Mike
>>  
>> 
>> The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.
>>  
> 

Re: DefaultWebSessionManager

[Lenny Primak <lp...@hope.nyc.ny.us>]

Sounds more like something else in your web container setup is overriding this.  I don't think there is an API to even do that.

On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:

> Interestingly, I tried that already and it didn’t change anything.  I’m led to believe that Shiro is somehow overriding this.
>  
> From: Lenny Primak [mailto:lprimak@hope.nyc.ny.us] 
> Sent: Tuesday, October 22, 2013 10:32 AM
> To: user@shiro.apache.org
> Subject: Re: DefaultWebSessionManager
>  
> add this to your web.xml:
>  
>     <session-config>
>         <session-timeout>120</session-timeout>
>         <tracking-mode>COOKIE</tracking-mode>
>     </session-config>
>  
>  
> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:
> 
> 
> In using the DefaultWebSessionManager, I’m finding that Shiro is appending “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.
>  
> Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.
>  
> Mike
>  
> 
> The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.
>  

RE: DefaultWebSessionManager

[Michael Chandler <Mi...@onassignment.com>]

Interestingly, I tried that already and it didn't change anything.  I'm led to believe that Shiro is somehow overriding this.

From: Lenny Primak [mailto:lprimak@hope.nyc.ny.us]
Sent: Tuesday, October 22, 2013 10:32 AM
To: user@shiro.apache.org
Subject: Re: DefaultWebSessionManager

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:


In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.

Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.

Mike


The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.

Re: DefaultWebSessionManager

[Lenny Primak <lp...@hope.nyc.ny.us>]

add this to your web.xml:

    <session-config>
        <session-timeout>120</session-timeout>
        <tracking-mode>COOKIE</tracking-mode>
    </session-config>


On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:

> In using the DefaultWebSessionManager, I’m finding that Shiro is appending “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was the default.  The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie.  Nevertheless, I’m still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings.
>  
> Does anyone have any advice on how to get around this problem?  Ideally, I would prefer to use cookies.
>  
> Mike
>  
> 
> The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.