Hi Mark, The JSESSIONID cookie is stored in the browser - restarting a web container has no effect on whether that cookie will exist on the browser or not.
If you're using Shiro's native session clustering, then the Sessions are persisted in your session store and will still be available after container restarts. This is by design to ensure that when a web node in a cluster dies, it does not remove the session so it can be used on another node. If you're not using Shiro's native sessions, and you haven't clustered your web container, then you should see the JSESSIONID cookie be replaced with a new one on container restart. HTH, -- Les Hazlewood | @lhazlewood CTO, Stormpath | http://stormpath.com | @goStormpath | 888.391.5282 On Wed, Jun 19, 2013 at 4:48 PM, NabbleSometimesSucks <[email protected]> wrote: > So I know this used to work, but now it isn't > > Basically, I login to my webapp. I get the JSESSIONID cookie on my browser. > > I stop the web container then restart it. The page is refreshed and shows > that the user is not logged in. but the JSESSIONID cookie is still showing > up > > <http://shiro-user.582556.n2.nabble.com/file/n7578858/Screen_Shot_2013-06-19_at_4.46.53_PM.png> > > That cookie should no longer be there. And I am NOT using rememberMe. > > Thanks > > Mark > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Restarting-Tomcat-user-no-longer-logged-in-but-there-is-still-the-JSESSIONID-cookie-tp7578858.html > Sent from the Shiro User mailing list archive at Nabble.com.
