You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by Nagaraju Kurma <na...@enhancesys.com> on 2015/07/10 15:04:21 UTC

Re: ;JSESSIONID= in URL

Hello Team,

After digging it into low level finally confirmed that the following
configuration will not read the session configuration done in web.xml

*<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> *
*</bean>*


*<session-config>        <tracking-mode>COOKIE</tracking-mode>
</session-config>*
If i replace *ServletContainerSessionManager* the above
*DefaultWebSessionManager *then the following configuration got effected.

*<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.*
*ServletContainerSessionManager* *"> **</bean>*

*<session-config>*
*        <tracking-mode>COOKIE</tracking-mode>*
*    </session-config>*

On Wed, Sep 17, 2014 at 9:52 PM, niels <op...@gmail.com> wrote:

> Thanks for the hint. I didn't found it via google. But I still think it
> would
> be good if shiro address this issue by providing a filter.
> However I'm unsure if it's a good idea to disable url-encoding :-/ but it's
> a workaround.
>
> The reason, why I think it's shiro issue, is the following:
> - My app without security never has a session-id in the url.
> - My app with spring security never has a session-idin the url.
> - My app with shiro has the session-id in the url.
>
> I hope you can see the point. And I'm still not understand why the behavior
> change.
>
> Regards
> Niels
>
>
>
>
> --
> View this message in context:
> http://shiro-user.582556.n2.nabble.com/JSESSIONID-in-URL-tp7580232p7580235.html
> Sent from the Shiro User mailing list archive at Nabble.com.
>



-- 

Thanks & Regards

Nagaraju Kurma