I just did an initial login and subsequent access, and it appears to be finding that cookie. I'll have to try again in a little bit to see if, after a period of time, I get a different response. The logs had the below:
2012-06-07 15:24:21,819 [http-bio-8080-exec-3] DEBUG org.apache.shiro.session.mgt.DefaultSessionManager .create:175 - Creating new EIS record for new session instance [org.apache.shiro.session.mgt.SimpleSession,id=null] 2012-06-07 15:24:21,820 [http-bio-8080-exec-3] DEBUG org.apache.shiro.web.servlet.SimpleCookie .addCookieHeader:226 - Added HttpServletResponse Cookie [JSESSIONID=6ca59e24-d8c8-497c-bcc4-3b2d02a9d121; Path=/mhrx; HttpOnly] ... some of my own debugging 2012-06-07 15:25:29,167 [http-bio-8080-exec-5] DEBUG org.apache.shiro.web.servlet.SimpleCookie .readValue:366 - Found 'JSESSIONID' cookie value [6ca59e24-d8c8-497c-bcc4-3b2d02a9d121] I'm not sure it matters, but I do have my own Realm implementation, as well as my own LoginFilter that extends AuthenticatingFilter. I don't recall seeing anything in the superclasses that could screw this part up, though. I'll post back in a little bit with what happens with the expired attempt. -- View this message in context: http://shiro-user.582556.n2.nabble.com/Native-session-management-for-web-sessions-tp7577474p7577476.html Sent from the Shiro User mailing list archive at Nabble.com.
