shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Maciej Matys (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-351) Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)
Date Tue, 15 Jan 2013 14:28:16 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-351?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13553835#comment-13553835
] 

Maciej Matys commented on SHIRO-351:
------------------------------------

ShiroHttpServletResponse.encodeRedirectURL() and encodeURL() should add session id in servlet
2.5 compliant way so as a URI path parameter and session id name should be based on shiro
configuration see DefaultWebSessionManager. getSessionIdName().
Parsing URI path parameters should also be fixed in DefaultWebSessionManager.

                
> Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID
is URL parameter (not HTTP parameter)
> --------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SHIRO-351
>                 URL: https://issues.apache.org/jira/browse/SHIRO-351
>             Project: Shiro
>          Issue Type: Bug
>          Components: Web
>    Affects Versions: 1.2.0
>         Environment: N/A
>            Reporter: Gareth Collins
>
> The background for this issue is here:
> http://shiro-user.582556.n2.nabble.com/Shiro-Native-Sessions-quot-JSESSIONID-quot-or-quot-JSESSIONID-quot-td7367217.html
> In summary the issue is that Shiro supports extracting JSESSIONID from urls of this format:
> http://www.mycompany.com/myResource?JSESSIONID=ABCDEF
> but not of this format (this URL format is generated by HTTPServletResponse encodeURL
method and is Servlet specification 2.5 compliant):
> http://www.mycompany.com/myResource;JSESSIONID=ABCDEF
> Shiro should be able to support both URL formats.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message