So I currently have Shiro working in a Spring MVC Web App with REST api, but it is storing the sessionID in a cookie. The currentUser is being added into ThreadLocal via the ShiroFilter created by the ShiroFilterFactoryBean.
I want to change it to not use cookies, but as part of the json body request. Besides our web app, we are also accessing it via a non-web app, and they are complaining about having to write all this (low level) code to get the value from the cookie, and then having to add it in another request as a cookie value in the Header. I feel if I wrote a custom Filter I could do this and have this code instead new Subject.Builder().sessionId(sessionId).buildSubject() in it. Where I can get the sessionID from the body of the request instead of the Header. Anyone know how I can accomplish this? Thanks Mark -- View this message in context: http://shiro-user.582556.n2.nabble.com/Moving-SessionID-from-cookie-to-RequestBody-json-tp7578645.html Sent from the Shiro User mailing list archive at Nabble.com.
