shiro-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jono Morris (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SHIRO-361) HttpServletResponse.encodeURL: only append JSESSIONID when necessary
Date Mon, 02 Sep 2013 10:12:51 GMT

    [ https://issues.apache.org/jira/browse/SHIRO-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13755998#comment-13755998
] 

Jono Morris commented on SHIRO-361:
-----------------------------------

Hi

Just want to confirm that we're referring to disabling cookies using the 'sessionIdCookieEnabled'
property of the DefaultWebSessionManager here and that the application will fall back to URL
rewriting only when this property is set to false.  

URL rewriting may also be turned of in the UrlEncoder implementation being coded for SHIRO-360.
So it would possible to entirely turn off session tracking.
                
> HttpServletResponse.encodeURL: only append JSESSIONID when necessary
> --------------------------------------------------------------------
>
>                 Key: SHIRO-361
>                 URL: https://issues.apache.org/jira/browse/SHIRO-361
>             Project: Shiro
>          Issue Type: Improvement
>          Components: Web
>            Reporter: Les Hazlewood
>             Fix For: 1.3.0
>
>
> The JSESSIONID only needs to be added to the URL when cookies are disabled.  Ideally,
this would be resolved via SHIRO-360.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message