[
https://issues.apache.org/jira/browse/SHIRO-361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13766800#comment-13766800
]
Les Hazlewood commented on SHIRO-361:
-------------------------------------
Hi Jono,
I think we need to investigate this more. If the UrlEncoder implementation's
session ID writing is disabled and 'sessionIdCookieEnabled' is false, then, as
you say, no session tracking can occur. I think this would be an invalid
configuration and perhaps we should throw an exception at startup to indicate
this.
Is this your concern? Any other thoughts?
> HttpServletResponse.encodeURL: only append JSESSIONID when necessary
> --------------------------------------------------------------------
>
> Key: SHIRO-361
> URL: https://issues.apache.org/jira/browse/SHIRO-361
> Project: Shiro
> Issue Type: Improvement
> Components: Web
> Reporter: Les Hazlewood
> Fix For: 1.3.0
>
>
> The JSESSIONID only needs to be added to the URL when cookies are disabled.
> Ideally, this would be resolved via SHIRO-360.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
