Just a general comment: REST APIs rarely submit identity information in the request payload - it's just rather unconventional. It is almost always done as a header (e.g. `Set-Cookie` or `Authorization`).
-- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Mon, Apr 22, 2013 at 1:21 PM, NabbleSometimesSucks < [email protected]> wrote: > I actually think I should and can write the code to support both. I'll just > have different URLs. The ones I have for cookie based approach, and other > URLs for sessionID in the body. > > For the cookie based I can use > > SecurityUtils.getSubject(); > > and for non Cookie based use > > new Subject.Builder().sessionId(sessionID).buildSubject(); > > Thanks > > Mark > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Moving-SessionID-from-cookie-to-RequestBody-json-tp7578645p7578646.html > Sent from the Shiro User mailing list archive at Nabble.com. >
