A friend of mine tried registering but is having issues getting on the mailing
list, so I am going to try posting for them.
---
Hello
I am a bit confused on the paradigm on how we are supposed to work our
All browsers handle sessions for you, so on the web client you need *not*
check sessions but instead just do form authentication:
https://shiro.apache.org/webapp-tutorial.html#step3 (you need not use a JSP
page, any POST operation that results in the same HTTP request will work)
And then the browse
Thanks for the information, I appreciate your time as does my friend.
That's interesting you don't need a JSP page, I thought that was needed in
order to work with Shiro, but I guess that's just normal if you're going to
make a JAva application with Shiro.
I believe his Desktop Client is JAva
Sorry for the double email, but hit reply too fast. I was looking at your
comment about "not sending" the Subject, but isn't the Subject created based on
the user's machine? It seems that when you get the security info and then
getSubject that it will get a Subject fo the current machine. Is
Hello,
I want to use an http header instead of a cookie for session management.
I have a web-service which is accessed from a web client (web
application) and from a desktop client (desktop application).
I want the desktop client to receive a session header which will be used
for subsequent req