org.apache.shiro.web.mgt.DefaultWebSecurityManager.java
/**
* @since 1.0
*/
public boolean isHttpSessionMode() {
return this.sessionMode == null ||
this.sessionMode.equals(HTTP_SESSION_MODE);
}
---------------------------------------------------------------------------------------
may be error,and i think this method should as bellow:
public boolean isHttpSessionMode() {
String sm = getSessionMode();
return (sm!= null && sm.equals(HTTP_SESSION_MODE));
}
--
View this message in context:
http://shiro-developer.582600.n2.nabble.com/DefaultWebSecurityManager-isHttpSessionMode-may-be-error-tp6457753p6457753.html
Sent from the Shiro Developer mailing list archive at Nabble.com.
