Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 45495200BAA for ; Thu, 13 Oct 2016 08:19:40 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 43F6F160AEE; Thu, 13 Oct 2016 06:19:40 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id ABF13160ACA for ; Thu, 13 Oct 2016 08:19:39 +0200 (CEST) Received: (qmail 53338 invoked by uid 500); 13 Oct 2016 06:19:37 -0000 Mailing-List: contact user-help@shiro.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@shiro.apache.org Delivered-To: mailing list user@shiro.apache.org Received: (qmail 53328 invoked by uid 99); 13 Oct 2016 06:19:37 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 13 Oct 2016 06:19:37 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 1033D1A0020 for ; Thu, 13 Oct 2016 06:19:37 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id 3zgUpgalZulH for ; Thu, 13 Oct 2016 06:19:35 +0000 (UTC) Received: from mail.sync.ro (mail.sync.ro [86.122.135.108]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id AFEC75FB37 for ; Thu, 13 Oct 2016 06:19:34 +0000 (UTC) Received: from [10.0.0.138] (unknown [10.0.0.138]) by mail.sync.ro (Postfix) with ESMTPSA id F313A26884 for ; Thu, 13 Oct 2016 09:19:19 +0300 (EEST) To: "user@shiro.apache.org" From: Gabriel Titerlea Subject: Use an http header instead of a session cookie Message-ID: <05bf4097-aaf0-8baf-1124-cec789f16899@sync.ro> Date: Thu, 13 Oct 2016 09:19:19 +0300 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit archived-at: Thu, 13 Oct 2016 06:19:40 -0000 Hello, I want to use an http header instead of a cookie for session management. I have a web-service which is accessed from a web client (web application) and from a desktop client (desktop application). I want the desktop client to receive a session header which will be used for subsequent requests as a session id (Similar to OAuth authorization tokens). The desktop client and the web client will send all requests with this session header instead of a cookie. How can I make shiro look for a certain header and not for a cookie when determining whether an http request is authenticated or not? Thank you, Gabriel