[
https://issues.apache.org/jira/browse/SHIRO-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13755998#comment-13755998
]
Jono Morris commented on SHIRO-361:
-----------------------------------
Hi
Just want to confirm that we're referring to disabling cookies using the
'sessionIdCookieEnabled' property of the DefaultWebSessionManager here and that
the application will fall back to URL rewriting only when this property is set
to false.
URL rewriting may also be turned of in the UrlEncoder implementation being
coded for SHIRO-360. So it would possible to entirely turn off session tracking.
> HttpServletResponse.encodeURL: only append JSESSIONID when necessary
> --------------------------------------------------------------------
>
> Key: SHIRO-361
> URL: https://issues.apache.org/jira/browse/SHIRO-361
> Project: Shiro
> Issue Type: Improvement
> Components: Web
> Reporter: Les Hazlewood
> Fix For: 1.3.0
>
>
> The JSESSIONID only needs to be added to the URL when cookies are disabled.
> Ideally, this would be resolved via SHIRO-360.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
