I don't remember the exact specifics now (it's been a while since I've seen this) but I will try to answer.
I am using Tapestry and Tapestry-Security with Shiro. Tapestry-Security has it's own Shiro filter which isn't a "real" Servlet filter but something similar in Tapestry world. I am not using pre-built Shiro filter. I NEVER see ;JSESSIONID anywhere in the URL. Ever. On Nov 15, 2013, at 12:14 PM, Albert Kam wrote: > Hello Lenny, i'm curious about your success story. > Setting session-config works fine also for me, JSESSIONID is gone for all > urls, > except the url that's produced after a successful login, which in my case > the session is first created. > > I hope you dont mind asking some specifics : > - Do you use apache shiro filter for login ? > - Do JSESSIONID shows up in the first request for the webapp ? > or perhaps it shows up after the first successful login ? > > > > On Fri, Nov 15, 2013 at 11:52 PM, Lenny Primak <[email protected]> wrote: > I was able to fix it with previously suggested session-config command in > web.xml > Not sure why it didn't work for some people on here but it worked for me on > glassfish. > > > On Nov 15, 2013, at 9:01 AM, versatec <[email protected]> wrote: > > > > whoops, missed the part where you say the JSESSIONID is appended to url > > *after *login. On glassfish it happens only when the *login page itself is > > displayed* both when logout redirects to login page or when navigation > > points to login page first time > > > > > > > > -- > > View this message in context: > > http://shiro-user.582556.n2.nabble.com/Removing-JSESSIONID-xxx-from-the-url-after-login-tp7579370p7579383.html > > Sent from the Shiro User mailing list archive at Nabble.com. > > > > > > -- > Do not pursue the past. Do not lose yourself in the future. > The past no longer is. The future has not yet come. > Looking deeply at life as it is in the very here and now, > the practitioner dwells in stability and freedom. > (Thich Nhat Hanh)
