This happens to me only after login, and I am also using Tomcat. From: Albert Kam [mailto:[email protected]] Sent: Friday, November 15, 2013 10:13 AM To: [email protected] Subject: Re: Removing ;JSESSIONID=xxx from the url after login ?
Thanks for sharing. I just downloaded the latest tapestry, along with tapestry security (shiro) source, and grepping jsessionid string doesnt show up anything. I suspect this might be container issue then. I wonder if everyone experiencing the same problem uses tomcat only :) On Sat, Nov 16, 2013 at 12:40 AM, Lenny Primak <[email protected]<mailto:[email protected]>> wrote: I don't remember the exact specifics now (it's been a while since I've seen this) but I will try to answer. I am using Tapestry and Tapestry-Security with Shiro. Tapestry-Security has it's own Shiro filter which isn't a "real" Servlet filter but something similar in Tapestry world. I am not using pre-built Shiro filter. I NEVER see ;JSESSIONID anywhere in the URL. Ever. On Nov 15, 2013, at 12:14 PM, Albert Kam wrote: Hello Lenny, i'm curious about your success story. Setting session-config works fine also for me, JSESSIONID is gone for all urls, except the url that's produced after a successful login, which in my case the session is first created. I hope you dont mind asking some specifics : - Do you use apache shiro filter for login ? - Do JSESSIONID shows up in the first request for the webapp ? or perhaps it shows up after the first successful login ? On Fri, Nov 15, 2013 at 11:52 PM, Lenny Primak <[email protected]<mailto:[email protected]>> wrote: I was able to fix it with previously suggested session-config command in web.xml Not sure why it didn't work for some people on here but it worked for me on glassfish. > On Nov 15, 2013, at 9:01 AM, versatec > <[email protected]<mailto:[email protected]>> wrote: > > whoops, missed the part where you say the JSESSIONID is appended to url > *after *login. On glassfish it happens only when the *login page itself is > displayed* both when logout redirects to login page or when navigation > points to login page first time > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Removing-JSESSIONID-xxx-from-the-url-after-login-tp7579370p7579383.html > Sent from the Shiro User mailing list archive at > Nabble.com<http://Nabble.com>. > -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) The information transmitted, including attachments, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this e-mail in error, please notify the sender immediately by replying to the message and deleting the material from your computer.
