I did some more research on this. I see that the ShiroHTTPServletResponse is
the one that sets the JSESSIONID using ";" (rather than the base
HttpServletResponse), which is weird as Shiro is expecting "?" on subsequent
requests. Is there something I am missing here?
thanks in advance,
Gareth
/**
* Encode the session identifier associated with this response
* into the specified URL, if necessary.
*
* @param url URL to be encoded
*/
public String encodeURL(String url) {
String absolute = toAbsolute(url);
if (isEncodeable(absolute)) {
// W3c spec clearly said
if (url.equalsIgnoreCase("")) {
url = absolute;
}
return toEncoded(url, request.getSession().getId());
} else {
return url;
}
}
protected String toEncoded(String url, String sessionId) {
if ((url == null) || (sessionId == null))
return (url);
String path = url;
String query = "";
String anchor = "";
int question = url.indexOf('?');
if (question >= 0) {
path = url.substring(0, question);
query = url.substring(question);
}
int pound = path.indexOf('#');
if (pound >= 0) {
anchor = path.substring(pound);
path = path.substring(0, pound);
}
StringBuilder sb = new StringBuilder(path);
if (sb.length() > 0) { // session id param can't be first.
sb.append(";");
sb.append(DEFAULT_SESSION_ID_PARAMETER_NAME);
sb.append("=");
sb.append(sessionId);
}
sb.append(anchor);
sb.append(query);
return (sb.toString());
}
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-Native-Sessions-JSESSIONID-or-JSESSIONID-tp7367217p7368935.html
Sent from the Shiro User mailing list archive at Nabble.com.
