Hello, I am protecting a webapp with Shiro (not using Shiro's native sessions). The webapp is protected from "/" with a simple shiro.ini such as:
[main] authc.loginUrl = /login/index.action authc.successUrl = /home/index.action [urls] /login/** = anon /images/** = anon /scripts/** = anon /css/** = anon /** = authc When a non-authenticated user is trying to access "/" is correctly redirected to the login page however, an http session is automatically created at this point by Shiro. 1/ Would it be possible to avoid this and only have a session being created when my own application logic requests to do so? 2/ Is this maybe a result of Shiro wanting to save the originally requested URL and if yes, would it be possible to instruct Shiro to perform some kind of URL rewriting instead of creating a session? 3/ Can I turn completely off the saveRequest functionality through shiro.ini? thanks!
