Hello Les,

I am using Jetty 7.5.4 (as part of Pax Web which is installed as part of Apache Karaf).

Thanks for the Servlet 2.5 reference. So if Shiro is adding the JSESSIONID in a servlet compliant way, then the code in the getReferencedSessionId method from org.apache.shiro.web.session.mgt.DefaultWebSessionManager appears incorrect (the full code sample is in my above post). The code for getting the session from the URL is this:

    //not in a cookie, or cookie is disabled - try the request params as a fallback (i.e. URL rewriting):
    id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    if (id == null) {
        //try lowercase:
        id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase());
    }
    .
    .

request.getParameter() gets HTTP parameters, not URL path parameters (like ";JSESSIONID="), so Shiro will always fail to extract the JSESSIONID.

This link tends to suggest that there is no API in the Servlet spec which can extract URL path parameters. Instead the full path needs to be retrieved via getRequestURI() and the path parameter is then extracted manually:

https://cdivilly.wordpress.com/2011/04/22/java-servlets-uri-parameters/

Does this appear correct? Should I add the JIRA? I could even try and fix it...

Thanks in advance,
Gareth
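
The manual extraction the message describes, as an added example that is not part of the original post and is not Shiro's code: it reads a ";JSESSIONID=" path parameter out of the string that getRequestURI() returns, matching the name case-insensitively. The class name, method names and sample URIs are hypothetical.

```java
// Added example, not Shiro code. Class and method names are hypothetical.
public class PathParamSessionId {

    /**
     * Returns the value of path parameter {@code name} (case-insensitive) from a
     * URI as returned by HttpServletRequest.getRequestURI(), or null if absent.
     */
    static String pathParameter(String requestUri, String name) {
        if (requestUri == null || name == null) {
            return null;
        }
        // Path parameters belong to the path: ignore any query string or fragment.
        int cut = firstOf(requestUri, "?#", 0);
        String path = cut < 0 ? requestUri : requestUri.substring(0, cut);
        String token = ";" + name + "=";
        for (int i = 0; i + token.length() <= path.length(); i++) {
            if (path.regionMatches(true, i, token, 0, token.length())) {
                int start = i + token.length();
                // The value ends at the next parameter or the next path segment.
                int end = firstOf(path, ";/", start);
                String value = end < 0 ? path.substring(start) : path.substring(start, end);
                return value.isEmpty() ? null : value;
            }
        }
        return null;
    }

    /** Index of the first character of {@code chars} found in {@code s} at or after {@code from}, or -1. */
    static int firstOf(String s, String chars, int from) {
        for (int i = from; i < s.length(); i++) {
            if (chars.indexOf(s.charAt(i)) >= 0) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed sample URIs; the session id value is made up.
        String[] uris = {
            "/app/home;JSESSIONID=abc123",      // path parameter on the last segment
            "/app/home;jsessionid=abc123",      // lowercase form of the name
            "/app;JSESSIONID=abc123/home;x=1",  // parameter on an inner segment
            "/app/home?JSESSIONID=abc123",      // HTTP query parameter, not a path parameter
        };
        for (String uri : uris) {
            System.out.println(uri + " -> " + pathParameter(uri, "JSESSIONID"));
        }
    }
}
```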