shiro-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gabriel Titerlea <>
Subject Use an http header instead of a session cookie
Date Thu, 13 Oct 2016 06:19:19 GMT

I want to use an http header instead of a cookie for session management.
I have a web-service which is accessed from a web client (web 
application) and from a desktop client (desktop application).
I want the desktop client to receive a session header which will be used 
for subsequent requests as a session id (Similar to OAuth authorization 
The desktop client and the web client will send all requests with this 
session header instead of a cookie.

How can I make shiro look for a certain header and not for a cookie when 
determining whether an http request is authenticated or not?

Thank you,

View raw message