I think I figured it out, with:
securityManager.sessionManager.sessionIdCookie.domain = yourdomain.tld
securityManager.sessionManager.sessionIdCookie.path = /
securityManager.sessionManager.sessionIdCookie.httpOnly = true
Thanks
On 08/28/2012 10:46 AM, Charles Syperski wrote:
Hello and thanks for an awesome project!
Here is my problem, I am attempting to do the poor mans SSO by using
domain level cookies (so multiple web apps/contexts can use the same
session) with terracotta. I think I have everything working with the
exception that when I add ShiroFilter to my web.xml:
<filter>
<filter-name>ShiroFilter</filter-name>
<filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>ShiroFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
I can no longer use sessionCookieDomain= and sessionCookiePath= in my
applications context.xml to allow the cookie to be set at the domain
level. It seems that the Shiro filter is setting the JSESSIONID
cookie and not obeying the settings in the context tag. Is this
correct, can I get the Shiro Filter not set the context path or the
sub domain?
I am running:
Tomcat 7.0.27, shiro-core-1.2.0.jar, shiro-ehcache-1.2.0.jar and
shiro-web-1.2.0.jar with openjdk 1.7 on Ubuntu 12.04
Any help would be greatly appreciated!
Thanks,
Chuck
