You ever get this figured out? I don't personally use Eclipse, but I know I coworker had to do a full "clean" and republish a few times to get changes to stick. I believe that was mostly because Eclipse had a hard time working with the maven build, though.
I can say that I had this problem before I upgraded to tomcat7 and made the suggested change to the web.xml. As you note, it seemed to only happen on the initial authentication (for me, it would only happen on the selenium tests). On Tue, Oct 22, 2013 at 4:34 PM, Michael Chandler < [email protected]> wrote: > I’m running Tomcat within Eclipse as opposed to deploying via a Maven > goal. I wiped the temp and work directories of Tomcat only to find that > it’s still happening. What I discovered, however, is that it only appends > the ;JSESSIONID= upon initial authentication. This gives me something to > work with, but I’m still baffled as to why it happens. Based on what I’m > seeing in the logs, the JSESSIONID cookie is being created and read > successfully, so I’m confused. It simply shouldn’t be doing that.**** > > ** ** > > *From:* Josh Berry [mailto:[email protected]] > *Sent:* Tuesday, October 22, 2013 12:22 PM > > *To:* [email protected] > *Subject:* Re: DefaultWebSessionManager**** > > ** ** > > How are you running this? I had problems with that happening, as well. > For me adding that config worked. Maybe try to completely wipe out the > temp and work directories of tomcat. I've found that it can be rather > aggressive in saving work it did in the past.**** > > For what its worth, I'm also using tomcat7. Specifically with the `mvn > tomcat7:run` goal.**** > > ** ** > > On Tue, Oct 22, 2013 at 3:00 PM, Michael Chandler < > [email protected]> wrote:**** > > Josh, I am using the 3.0 namespace declaration in web.xml.**** > > **** > > *From:* Josh Berry [mailto:[email protected]] > *Sent:* Tuesday, October 22, 2013 11:50 AM**** > > > *To:* [email protected] > *Subject:* Re: DefaultWebSessionManager**** > > **** > > Make sure you are using version "3.0" of the web.xml namespace. Not sure > that tag gets used if you are using the older servlet specification.**** > > **** > > On Tue, Oct 22, 2013 at 1:42 PM, Michael Chandler < > [email protected]> wrote:**** > > I’m using Tomcat 7.**** > > **** > > *From:* M.C. Wilson [mailto:[email protected]] > *Sent:* Tuesday, October 22, 2013 10:40 AM**** > > > *To:* [email protected] > *Subject:* Re: DefaultWebSessionManager**** > > **** > > Mr. Chandler, which container are you using in this example? I've seen > this same thing when using Jetty.**** > > **** > > On Oct 22, 2013, at 10:37 AM, Lenny Primak <[email protected]> wrote: > **** > > **** > > Sounds more like something else in your web container setup is overriding > this. I don't think there is an API to even do that.**** > > **** > > On Oct 22, 2013, at 1:36 PM, Michael Chandler wrote:**** > > **** > > Interestingly, I tried that already and it didn’t change anything. I’m > led to believe that Shiro is somehow overriding this.**** > > **** > > *From:* Lenny Primak [mailto:[email protected]] > *Sent:* Tuesday, October 22, 2013 10:32 AM > *To:* [email protected] > *Subject:* Re: DefaultWebSessionManager**** > > **** > > add this to your web.xml:**** > > **** > > <session-config>**** > > <session-timeout>120</session-timeout>**** > > <tracking-mode>COOKIE</tracking-mode>**** > > </session-config>**** > > **** > > **** > > On Oct 22, 2013, at 1:30 PM, Michael Chandler wrote:**** > > ** ** > > In using the DefaultWebSessionManager, I’m finding that Shiro is appending > “;JSESSIONID=###” to my URLs instead of using cookies, which I thought was > the default. The DefaultWebSessionManager constructor appears to set > sessionIdCookieEnabled to true and set a default cookie. Nevertheless, I’m > still seeing the JSESSIONID value in the query string, which is having a > poor effect on my Spring MVC mappings.**** > > **** > > Does anyone have any advice on how to get around this problem? Ideally, I > would prefer to use cookies.**** > > **** > > Mike**** > > **** > > > The information transmitted, including attachments, is intended only for > the person or entity to which it is addressed and may contain confidential > and/or privileged material. Any review, retransmission, dissemination or > other use of, or taking of any action in reliance upon this information by > persons or entities other than the intended recipient is prohibited. If you > received this e-mail in error, please notify the sender immediately by > replying to the message and deleting the material from your computer.**** > > **** > > **** > > **** > > **** > > ** ** >
