HI,
We used to have the web security manager using http sessions but have now
switched to using native sessions to be able to use the seucurity manager
also in non-web contexts in the JVM. We are running an embedded Jetty server
that we configure for Apache loadbalancing with sticky sessions like this:
import org.mortbay.jetty.Server;
import org.mortbay.jetty.servlet.HashSessionIdManager;
Server server = new Server();
HashSessionIdManager sessionIdManager = new HashSessionIdManager();
sessionIdManager.setWorkerName("node1");
server.setSessionIdManager(sessionIdManager);
We have the IniShiroFilter configured in web.xml.
With Shiro configured for http sessions, web requests will have JSESSIONID's
ending with ".node1" as expected when hitting the server directly, but now
with native sessions we don't have this anymore, the JSESSION looks like I
is not even generated by Jetty (which usually has shorter ids than what we
see). It feels as if Shiro takes over and supplies a JSESSIONID of its own.
Does anyone understand what is going on here?
/Martin
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Is-JSESSIONID-generation-overtaken-by-Shiro-with-native-sessions-tp6246787p6246787.html
Sent from the Shiro User mailing list archive at Nabble.com.
