Shiro Native Sessions - ";JSESSIONID" or "?JSESSIONID"?

[gcollins]

Hello,

In my servlet I am encoding the next URL that the client should use in the
following way:

response.encodeURL(nextURL); // response is a HTTPServletResponse

This adds the JSESSIONID (of the Shiro session) on to the end of the URL
with a ";" separator.

Shiro, however, doesn't appear to be happy with this. I stepped through the
getReferencedSessionId method. Shiro could not find the JSESSIONID in the
response URL when the ";" separator is used.

If I change the ";" to "?" then everything works as expected.

So I guess my question is - is this the expected behaviour? Is only "?"
supported for Shiro? Should response.encodeURL be avoided for adding the
JSESSIONID to the URL?

If someone could help me out here, it would be a big help.

thanks in advance,
Gareth Collins

private Serializable getReferencedSessionId(ServletRequest request,
ServletResponse response) {

        String id = getSessionIdCookieValue(request, response);
        if (id != null) {
           
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
        } else {
            //not in a cookie, or cookie is disabled - try the request
params as a fallback (i.e. URL rewriting):
            id =
request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);  << GC: not
found here
            if (id == null) {
                //try lowercase:
                id =
request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase());
            }
            if (id != null) {
               
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                        ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
            }
        }
        if (id != null) {
           
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
            //automatically mark it valid here.  If it is invalid, the
            //onUnknownSession method below will be invoked and we'll remove
the attribute at that time.
           
request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID,
Boolean.TRUE);
        }
        return id;
    }




--
View this message in context: 
http://shiro-user.582556.n2.nabble.com/Shiro-Native-Sessions-JSESSIONID-or-JSESSIONID-tp7367217p7367217.html
Sent from the Shiro User mailing list archive at Nabble.com.