shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bengt Rodehav <be...@rodehav.com>
Subject Re: Using a different cookie name than JSESSIONID
Date Wed, 20 Jun 2012 19:21:23 GMT
Thanks a lot for you reply Jared,

I'm using native Shiro sessions. Will try setting the property you suggest
- thanks!

I'll also check whether the cookies really interfer - I haven't
investigated it thoroughly yet. I just noted that if I log into another
application on the same host (but different ports) then the first
application is logged out. I then assumed that the session cookies
overwrote each other but I honestly don't know if that is the case.

Whether the port is part of the "key" for the cookie could perhaps be
browser specific. I've only tested this on Chrome yet.

/Bengt

2012/6/20 Jared Bunting <jared.bunting@peachjean.com>

> Are you using native shiro sessions or container-managed sessions?  If
> native shiro sessions, you should be able to do something like this in
> shiro.ini:
>
> sessionManager.cookie.name=JSESSIONID_A
>
> Otherwise, you would need to consult your container to figure out how
> to change the cookie name.
>
> However, it seems odd to me that cookies for apps on different ports
> would interfere with each other.
>
> -Jared
>
> On Wed 20 Jun 2012 01:48:27 PM CDT, Bengt Rodehav wrote:
> > Does no one has any advice regarding this? I was hoping it was a not
> > so uncommon issue.
> >
> > /Bengt
> >
> > 2012/6/18 Bengt Rodehav <bengt@rodehav.com <mailto:bengt@rodehav.com>>
> >
> >     I'm using Shiro 1.1 running in Apache Karaf 2.2.5.
> >
> >     Often I install more than one web application on the same server
> >     (but using different ports). These applications are unrelated.
> >     However if I open them in separate tabs in the web browser they
> >     start interfering with each other. Imagine this scenario:
> >
> >     - Web application A and B are both installed on the same server.
> >     - Open the URL to application A in the first tab in the web
> >     browser and then log in
> >     - Open the URL to application B in the second tab in the web
> >     browser and then log in
> >     - Go back to the first tab in the web browser and issue a request.
> >     I then have to log in again since the server does not recognize
> >     the session id.
> >
> >     I haven't debugged this thoroughly but I think the problem is that
> >     the same cookie name (JSESSIONID) is used by both web
> >     applications. Therefore, the second log in (to application B) will
> >     overwrite the session id from the first log in.
> >
> >     I'm not sure if I'm doing something wrong here - this seems like a
> >     very common scenario (especially in a test environment). The
> >     obvious solution would be to make the name of the session cookie
> >     configurable so that application A could use a cookie called
> >     "JSESSIONID_A" and application B could use a cookie called
> >     "JSESSIONID_B". Is this possible with Shiro? Is there
> >     another/better way to solve this problem?
> >
> >     /Bengt
> >
> >
>
>
>

Mime
View raw message