shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Les Hazlewood (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-361) HttpServletResponse.encodeURL: only append JSESSIONID when necessary
Date Fri, 13 Sep 2013 18:51:51 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766800#comment-13766800
] 

Les Hazlewood commented on SHIRO-361:
-------------------------------------

Hi Jono,

I think we need to investigate this more.  If the UrlEncoder implementation's session ID writing
is disabled and 'sessionIdCookieEnabled' is false, then, as you say, no session tracking can
occur.  I think this would be an invalid configuration and perhaps we should throw an exception
at startup to indicate this.

Is this your concern? Any other thoughts?
                
> HttpServletResponse.encodeURL: only append JSESSIONID when necessary
> --------------------------------------------------------------------
>
>                 Key: SHIRO-361
>                 URL: https://issues.apache.org/jira/browse/SHIRO-361
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Web
>            Reporter: Les Hazlewood
>             Fix For: 1.3.0
>
>
> The JSESSIONID only needs to be added to the URL when cookies are disabled.  Ideally,
this would be resolved via SHIRO-360.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message