(shiro-site) branch main updated: enh: added docs about URL session tracking configuration options in Jakarta EE integration module (#239)

Fri, 17 Oct 2025 21:41:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

fpapon pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 3503a8126 enh: added docs about URL session tracking configuration 
options in Jakarta EE integration module (#239)
3503a8126 is described below

commit 3503a8126ab7304a6f90856225f506219769f5cd
Author: Lenny Primak <[email protected]>
AuthorDate: Tue Oct 14 23:57:19 2025 -0500

    enh: added docs about URL session tracking configuration options in Jakarta 
EE integration module (#239)
---
 src/site/content/jakarta-ee.adoc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc
index 7d16dc994..731bd736e 100644
--- a/src/site/content/jakarta-ee.adoc
+++ b/src/site/content/jakarta-ee.adoc
@@ -180,6 +180,24 @@ The module adds `ShiroFilter` to the Servlet 
configuration. For most cases, the
 </filter-mapping>
 ... other filters ...
 ----
+Ordinarily, Jakarta EE integration module will remove URL session tracking 
mode from the configuration, overriding any other session tracking 
configuration specified in `web.xml`. This is to align with good security 
practices. If URL tracking mode is desired (such as for testing or historical 
reasons), add the following to `web.xml`:
+[source,xml]
+.Note: this parameter is only available in Shiro 2.0.6 or later
+----
+<context-param>
+    <param-name>org.apache.shiro.ee.enable-url-session-tracking</param-name>
+    <param-value>true</param-value>
+</context-param>
+----
+If no manipulation of session tracking modes is desired at all, add the 
following to `web.xml`:
+[source,xml]
+.Note: this parameter is only available in Shiro 2.0.6 or later
+----
+<context-param>
+    
<param-name>org.apache.shiro.ee.session-tracking-configuration.disabled</param-name>
+    <param-value>true</param-value>
+</context-param>
+----
 Shiro Jakarta EE filter forces request encoding to UTF-8. This is the desired 
outcome for most, if not all cases. However, if this is not desired, you can 
disable it by adding the following parameter to `web.xml`:
 [source,xml]
 .Note: this parameter is only available in Shiro 2.0.6 or later

Reply via email to