[ https://issues.apache.org/jira/browse/SHIRO-351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Les Hazlewood resolved SHIRO-351.
---------------------------------
Resolution: Fixed
Fix Version/s: 1.3.0, 1.2.2
Fixed in 1.2.x branch (for the upcoming 1.2.2 release) and in trunk.
This fix, however, does NOT support custom sessionId names - it only works with
JSESSIONID. The problem is that the URL Rewriting logic in the
ShiroHttpServletResponse does not have direct access to the SessionManager
implementation to consult for the sessionIdName property. This requires a much
deeper fix that should be implemented, but at a later date (probably 2.0).
> Shiro Native Session implementation cannot extract JSESSIONID From URL if
> JSESSIONID is URL parameter (not HTTP parameter)
> --------------------------------------------------------------------------------------------------------------------------
>
> Key: SHIRO-351
> URL: https://issues.apache.org/jira/browse/SHIRO-351
> Project: Shiro
> Issue Type: Bug
> Components: Web
> Affects Versions: 1.2.0
> Environment: N/A
> Reporter: Gareth Collins
> Fix For: 1.2.2, 1.3.0
>
>
> The background for this issue is here:
> http://shiro-user.582556.n2.nabble.com/Shiro-Native-Sessions-quot-JSESSIONID-quot-or-quot-JSESSIONID-quot-td7367217.html
> In summary, the issue is that Shiro supports extracting JSESSIONID from URLs
> of this format:
> http://www.mycompany.com/myResource?JSESSIONID=ABCDEF
> but not of this format (this URL format is generated by HttpServletResponse
> encodeURL method and is Servlet specification 2.5 compliant):
> http://www.mycompany.com/myResource;JSESSIONID=ABCDEF
> Shiro should be able to support both URL formats.
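
The two URL forms described in the issue, as an added example that is not Shiro's code and not part of the original message: a stand-alone Java parser that accepts the session id both as a path parameter (`;JSESSIONID=...`) and as a query parameter (`?JSESSIONID=...`). The class `SessionIdFromUrl`, the method `extract` and its `name` argument are hypothetical, and the sample URLs are constructed from the ones quoted above.

```java
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not Shiro's API.
public class SessionIdFromUrl {

    /** Finds the session id in a URL, as either ";NAME=value" or "?NAME=value". */
    static Optional<String> extract(String url, String name) {
        int fragment = url.indexOf('#');
        if (fragment >= 0) url = url.substring(0, fragment); // fragment is never sent to the server
        int q = url.indexOf('?');
        String path = q >= 0 ? url.substring(0, q) : url;
        String query = q >= 0 ? url.substring(q + 1) : "";

        // Path parameter form: /myResource;JSESSIONID=ABCDEF
        String marker = ";" + name + "=";
        int start = path.indexOf(marker);
        if (start >= 0) {
            start += marker.length();
            int end = path.length();
            // The value ends at the next path parameter or path segment, if any.
            for (char stop : new char[] {';', '/'}) {
                int i = path.indexOf(stop, start);
                if (i >= 0 && i < end) end = i;
            }
            if (end > start) return Optional.of(path.substring(start, end));
        }

        // Query parameter form: /myResource?JSESSIONID=ABCDEF
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).equals(name) && eq + 1 < pair.length()) {
                return Optional.of(pair.substring(eq + 1));
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample URLs, modelled on the two formats in the issue.
        String[] samples = {
            "http://www.mycompany.com/myResource?JSESSIONID=ABCDEF",
            "http://www.mycompany.com/myResource;JSESSIONID=ABCDEF",
            "http://www.mycompany.com/myResource;JSESSIONID=ABCDEF?page=2",
            "http://www.mycompany.com/myResource?page=2"
        };
        for (String url : samples) {
            System.out.println(url + " -> " + extract(url, "JSESSIONID").orElse("(none)"));
        }
    }
}
```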