I'm using Shiro 1.1 running in Apache Karaf 2.2.5. Often I install more than one web application on the same server (but using different ports). These applications are unrelated. However if I open them in separate tabs in the web browser they start interfering with each other. Imagine this scenario:
- Web application A and B are both installed on the same server. - Open the URL to application A in the first tab in the web browser and then log in - Open the URL to application B in the second tab in the web browser and then log in - Go back to the first tab in the web browser and issue a request. I then have to log in again since the server does not recognize the session id. I haven't debugged this thoroughly but I think the problem is that the same cookie name (JSESSIONID) is used by both web applications. Therefore, the second log in (to application B) will overwrite the session id from the first log in. I'm not sure if I'm doing something wrong here - this seems like a very common scenario (especially in a test environment). The obvious solution would be to make the name of the session cookie configurable so that application A could use a cookie called "JSESSIONID_A" and application B could use a cookie called "JSESSIONID_B". Is this possible with Shiro? Is there another/better way to solve this problem? /Bengt
