[
https://issues.apache.org/jira/browse/SHIRO-795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17220188#comment-17220188
]
Mahendran Mookkiah commented on SHIRO-795:
------------------------------------------
Hi [~bdemers],
It is clear. I felt the same and wonder how it makes it more secure. Let me
ask security experts from owasp/zapproxy.
The 3rd point is something I should work towards understanding.
Thanks for your explanation.
> Disable session path rewriting by default
> -----------------------------------------
>
> Key: SHIRO-795
> URL: https://issues.apache.org/jira/browse/SHIRO-795
> Project: Shiro
> Issue Type: Improvement
> Reporter: Brian Demers
> Priority: Major
> Fix For: 2.0.0, 1.7.0
>
>
> After the addition of the "Invalid Request Filter", URL session rewriting is
> disabled.
> {code:java}
> # Enable the configuration in the session manager
> sessionManager.sessionIdUrlRewritingEnabled = true
> # and the invalid request filter
> invalidRequest.blockSemicolon = false{code}
>
>
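An added example, not part of the Jira thread or of Shiro's code: URL session rewriting carries the session id as a `;JSESSIONID=` path parameter, which is why re-enabling it also requires relaxing the semicolon block. This Python script audits access-log lines for session ids exposed that way before or after changing the two settings. The log lines, regexes and function names are constructed for illustration and assume the default `JSESSIONID` name and the combined log format.

```python
import re
from urllib.parse import urlsplit

# Path parameter appended by URL session rewriting, e.g. /account;JSESSIONID=abc123
# (assumes the default session id name has not been changed)
SESSION_PARAM = re.compile(r"(;jsessionid=)([^;/?#\s]+)", re.IGNORECASE)
# Request target and optional Referer field of a combined-format access log line
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" \d{3} \S+(?: "([^"]*)")?')

# Constructed sample input, not taken from any real system
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Oct/2020:10:01:02 +0000] "GET /app/home HTTP/1.1" '
    '200 512 "-" "curl/7.68"',
    '203.0.113.7 - - [27/Oct/2020:10:01:05 +0000] '
    '"GET /app/account;JSESSIONID=3f9a1c2e-aaaa-bbbb HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [27/Oct/2020:10:02:11 +0000] '
    '"GET /app/list;jsessionid=DEADBEEF01?page=2 HTTP/1.1" 200 90 '
    '"https://example.test/app/account;JSESSIONID=3f9a1c2e-aaaa-bbbb" "Mozilla/5.0"',
]


def find_session_ids(url):
    """Return session id values carried as path parameters in a URL or request target."""
    path = urlsplit(url).path  # urlsplit keeps ';params' inside the path
    return [m.group(2) for m in SESSION_PARAM.finditer(path)]


def redact(url):
    """Replace the session id value so findings can be reported without leaking it again."""
    return SESSION_PARAM.sub(r"\1<redacted>", url)


def audit(lines):
    """Return (line_number, field, redacted_value) for every exposed session id."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        fields = (("target", match.group(1)), ("referer", match.group(2) or ""))
        for field, value in fields:
            if find_session_ids(value):
                findings.append((number, field, redact(value)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A Referer hit shows the id has already been sent to whichever server received that header, so the affected session should be invalidated rather than just the log entry cleaned up.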