For standalone application which has login page form, i don't have issues. My Shiro auth provider application doesn't have login page.
Another Java web application has login page and rest controller. It is spring rest application. Also, observed log files. Got to know that session id is not present in 2nd request. See below after successful authentication - 2018-03-14 07:36:35 DEBUG AbstractAuthenticator:233 - Authentication successful for token [org.apache.shiro.authc.UsernamePasswordToken - nitin, rememberMe=true]. Returned account [nitin] 2018-03-14 07:36:35 DEBUG DefaultSubjectContext:101 - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2018-03-14 07:36:35 DEBUG DefaultSubjectContext:101 - No SecurityManager available in subject context map. Falling back to SecurityUtils.getSecurityManager() lookup. 2018-03-14 07:36:35 DEBUG DefaultSessionManager:175 - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2018-03-14 07:36:35 DEBUG SimpleCookie:226 - Added HttpServletResponse Cookie [JSESSIONID=66bdc6a8-cf88-4d07-bb38-433754de2c19; Path=/keymanager; HttpOnly] 2018-03-14 07:36:35 DEBUG SimpleCookie:226 - Added HttpServletResponse Cookie [rememberMe=deleteMe; Path=/keymanager; Max-Age=0; Expires=Tue, 13-Mar-2018 02:06:35 GMT] 2018-03-14 07:38:34 DEBUG DefaultSessionManager:218 - Unable to resolve session ID from SessionKey [org.apache.shiro.web.session.mgt.WebSessionKey@4a2bc707]. Returning null to indicate a session could not be found. 2018-03-14 07:38:34 DEBUG DispatcherServlet:865 - DispatcherServlet with name 'keymanager' processing GET request for [/keymanager/auth/getalluser] 2018-03-14 07:38:34 DEBUG RequestMappingHandlerMapping:310 - Looking up handler method for path /auth/getalluser 2018-03-14 07:38:34 DEBUG RequestMappingHandlerMapping:317 - Returning handler method [public org.springframework.http.ResponseEntity<?> com.datalements.keymanager.api.AuthController.getAlluser()] 2018-03-14 07:38:34 DEBUG DefaultListableBeanFactory:251 - Returning cached instance of singleton bean 'authController' 2018-03-14 07:38:34 DEBUG DispatcherServlet:951 - Last-Modified value for [/keymanager/auth/getalluser] is: -1 2018-03-14 07:38:34 DEBUG JpaTransactionManager:367 - Creating new transaction with name [com.datalements.keymanager.auth.dao.AuthUserDAO.getAllUsers]: PROPAGATION_REQUIRED,ISOLATION_DEFAULT; '' 2018-03-14 07:38:34 DEBUG JpaTransactionManager:371 - Opened new EntityManager [org.hibernate.jpa.internal.EntityManagerImpl@6bbd16d0] for JPA transaction 2018-03-14 07:38:34 DEBUG DriverManagerDataSource:142 - Creating new JDBC DriverManager Connection to [jdbc:mysql://172.16.2.17:3306/keymanagerdb] 2018-03-14 07:38:35 DEBUG JpaTransactionManager:403 - Exposing JPA transaction as JDBC transaction [org.springframework.orm.jpa.vendor.HibernateJpaDialect$HibernateConnectionHandle@2988e413] 2018-03-14 07:38:35 DEBUG DefaultSessionManager:175 - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2018-03-14 07:38:35 DEBUG SimpleCookie:226 - Added HttpServletResponse Cookie [JSESSIONID=22c1bf3e-ff28-4f08-ab8e-7bdb8a48cde7; Path=/keymanager; HttpOnly] -- Sent from: http://shiro-developer.582600.n2.nabble.com/