Oops, I mean 'rarely support' - not submit. -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282
On Fri, Apr 26, 2013 at 2:01 PM, Les Hazlewood <[email protected]> wrote: > Just a general comment: REST APIs rarely submit identity information in > the request payload - it's just rather unconventional. It is almost always > done as a header (e.g. `Set-Cookie` or `Authorization`). > > On Mon, Apr 22, 2013 at 1:21 PM, NabbleSometimesSucks < > [email protected]> wrote: > >> I actually think I should and can write the code to support both. I'll >> just >> have different URLs. The ones I have for cookie based approach, and other >> URLs for sessionID in the body. >> >> For the cookie based I can use >> >> SecurityUtils.getSubject(); >> >> and for non Cookie based use >> >> new Subject.Builder().sessionId(sessionID).buildSubject(); >> >> Thanks >> >> Mark >> >> >> >> -- >> View this message in context: >> http://shiro-user.582556.n2.nabble.com/Moving-SessionID-from-cookie-to-RequestBody-json-tp7578645p7578646.html >> Sent from the Shiro User mailing list archive at Nabble.com. >> > >
