Josh, I am using the 3.0 namespace declaration in web.xml. From: Josh Berry [mailto:[email protected]] Sent: Tuesday, October 22, 2013 11:50 AM To: [email protected] Subject: Re: DefaultWebSessionManager
Make sure you are using version "3.0" of the web.xml namespace. Not sure that tag gets used if you are using the older servlet specification. On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler <[email protected]<mailto:[email protected]>> wrote: I'm using Tomcat 7. From: M.C. Wilson [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, October 22, 2013 10:40 AM To: [email protected]<mailto:[email protected]> Subject: Re: DefaultWebSessionManager Mr. Chandler, which container are you using in this example? I've seen this same thing when using Jetty. On Oct 22, 2013, at 10:37 AM, Lenny Primak <[email protected]<mailto:[email protected]>> wrote: Sounds more like something else in your web container setup is overriding this. I don't think there is an API to even do that. On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote: Interestingly, I tried that already and it didn't change anything. I'm led to believe that Shiro is somehow overriding this. From: Lenny Primak [mailto:lprimak@<mailto:lprimak@>hope.nyc.ny.us<http://hope.nyc.ny.us>] Sent: Tuesday, October 22, 2013 10:32 AM To: [email protected]<mailto:[email protected]> Subject: Re: DefaultWebSessionManager add this to your web.xml: <session-config> <session-timeout>120</session-timeout> <tracking-mode>COOKIE</tracking-mode> </session-config> On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote: In using the DefaultWebSessionManager, I'm finding that Shiro is appending ";JSESSIONID=###" to my URLs instead of using cookies, which I thought was the default. The DefaultWebSessionManager constructor appears to set sessionIdCookieEnabled to true and set a default cookie. Nevertheless, I'm still seeing the JSESSIONID value in the query string, which is having a poor effect on my Spring MVC mappings. Does anyone have any advice on how to get around this problem? Ideally, I would prefer to use cookies. Mike The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.
