I actually think I should and can write the code to support both. I'll just have different URLs. The ones I have for cookie based approach, and other URLs for sessionID in the body.
For the cookie based I can use SecurityUtils.getSubject(); and for non Cookie based use new Subject.Builder().sessionId(sessionID).buildSubject(); Thanks Mark -- View this message in context: http://shiro-user.582556.n2.nabble.com/Moving-SessionID-from-cookie-to-RequestBody-json-tp7578645p7578646.html Sent from the Shiro User mailing list archive at Nabble.com.
