Hi, We have added Shiro to an existing enterprise application. Technically, it's several web applications. We implement SSO by caching Shiro native sessions via Coherence (we've built a CacheManager, quite similar to Shiro's built in EhCacheManager). In order to share the JSESSIONID-cookie over the apps' context roots, it's path is set to '/'. The apps run on WebLogic 10.3.6.
The problem: As Shiro sets its JSESSIONID-cookie on '/', so does WebLogic. It does this regardless of whether Shiro sets the cookie on '/' or on the apps ctx root. This leads to unpredictable behavior, depending on which version of the cookie gets read or written in which order. One solution is to rename Shiro's session cookie. However, for various other reasons, we'd rather keep the JSESSIONID name. Preferably, we'd like to stop WebLogic from setting it's own session cookie. I though Shiro native sessions was supposed to prevent this? Is this a peculiarity of (this version?) of WebLogic or does it occur on other appservers/servlet containers..? Regards, Lars -- View this message in context: http://shiro-user.582556.n2.nabble.com/Conflict-with-AppServer-JSESSIONID-tp7578066.html Sent from the Shiro User mailing list archive at Nabble.com.
