This is an automated email from the ASF dual-hosted git repository. lprimak pushed a commit to branch ee-session-tracking in repository https://gitbox.apache.org/repos/asf/shiro-site.git
commit 89a5bd763281bf077dd43de8dcc881cff0bcb852 Author: lprimak <[email protected]> AuthorDate: Thu Oct 2 18:35:00 2025 -0500 enh: added docs about URL session tracking configuration options in Jakarta EE integration module --- src/site/content/jakarta-ee.adoc | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc index 6cf77973a..faad8b377 100644 --- a/src/site/content/jakarta-ee.adoc +++ b/src/site/content/jakarta-ee.adoc @@ -180,6 +180,24 @@ The module adds `ShiroFilter` to the Servlet configuration. For most cases, the </filter-mapping> ... other filters ... ---- +Ordinarily, Jakarta EE integration module will remove URL session tracking mode from the configuration, overriding any other session tracking configuration specified in `web.xml`. This is to align with good security practices. If URL tracking mode is desired, add the following to `web.xml`: +[source,xml] +.Note: this parameter is only available in Shiro 2.0.6 or later +---- +<context-param> + <param-name>org.apache.shiro.ee.enable-url-session-tracking</param-name> + <param-value>true</param-value> +</context-param> +---- +If no manipulation of session tracking modes is desired at all, add the following to `web.xml`: +[source,xml] +.Note: this parameter is only available in Shiro 2.0.6 or later +---- +<context-param> + <param-name>org.apache.shiro.ee.session-tracking-configuration.disabled</param-name> + <param-value>true</param-value> +</context-param> +---- ==== Shiro.ini file locations The module finds shiro.ini in the same manner as link:web.html#custom_configuration_locations[Web Configuration] (WEB-INF/shiro.ini by default). Additionally, configuration is enhanced to merge two separate configuration files:
