I totally disagree that having a web server on your workstation is either impossible or inconvenient.
Both apache and nginx are very simple to install on any OS, wouldn't slowdown any application development or deployment on your workstation, and any issues with configuration and integration will be caught very early on in your release cycle. I would strongly suggest having it in place if that is what you use in production. On 16 April 2014 07:45, Dominic Farr <[email protected]> wrote: > FYI: In order for that directive to work you must be using servlet 3.0 or > higher in your web.xml. > On 15 Apr 2014 23:53, "Lenny Primak" <[email protected]> wrote: > >> If you are using Servlet session management (not Shiro native) >> this shouldn't be a problem: >> >> Try pugging this into your web.xml: >> <session-config> >> <tracking-mode>COOKIE</tracking-mode> >> </session-config> >> >> Excerpt from Shiro documentation: >> >> HttpServletResponse implementation to support URL Encoding of Shiro >> Session IDs. >> It is only used when using Shiro's native Session Management >> configuration (and not when using the Servlet Container session >> configuration, which is Shiro's default in a web environment). Because the >> servlet container already performs url encoding of its own session ids, >> instances of this class are only needed when using Shiro native sessions. >> Note that this implementation relies in part on source code from the >> Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we >> didn't want to re-invent the wheel). Since Shiro is also Apache 2.0 >> license, all regular licenses and conditions have remained in tact. >> >> Since:0.2 >> >> >> On Apr 15, 2014, at 5:30 PM, Dominic Farr wrote: >> >> adding the session id to the url is a fall back because the server isn't >> sure the browser allows cookies at the time of session creation. and >> although ; is a valid separator in the http spec, it does break spring >> urls. >> >> do you front your shiro app with a web server like apache or nginx? if >> you do, you can add a rewrite rule that removed jsessionid. >> eg. >> >> ReWriteRule ^(.*);JSESSIONID=.*$ $1 [L,R=301] >> >> this rule isn't production ready, so please examine it before use. >> >> >> >> >> >> >> On 15 April 2014 20:59, Anton <[email protected]> wrote: >> >>> Good day, everybody. >>> >>> ShiroHttpServletResponse has overridden encodeURL(String url) method, >>> which >>> add JSESSIONID parameter to the urls. >>> So all links in a HTML page inserted using Spring macros (spring.ulr etc) >>> become invalid. >>> >>> This happens on the first request, then cookie with session id is not set >>> yet. >>> >>> Aforementioned method encodeURL use isEncodeable, which looks like: >>> >>> protected boolean isEncodeable(final String location) { >>> >>> if (location == null) >>> return (false); >>> >>> // Is this an intra-document reference? >>> if (location.startsWith("#")) >>> return (false); >>> >>> // Are we in a valid session that is not using cookies? >>> final HttpServletRequest hreq = request; >>> final HttpSession session = hreq.getSession(false); >>> 1) if (session == null) >>> return (false); >>> 2) if (hreq.isRequestedSessionIdFromCookie()) >>> return (false); >>> >>> return doIsEncodeable(hreq, session, location); >>> } >>> >>> 1) A session has been already created, so session != null >>> 2) but it's a brand new session, so >>> hreq.isRequestedSessionIdFromCookie() == >>> false >>> As result we have, that url will be encoded though cookie are used. >>> >>> Is it a bug, or I misunderstood something?? >>> Please help :) >>> >>> >>> >>> -- >>> View this message in context: >>> http://shiro-user.582556.n2.nabble.com/Problem-with-JSESSIONID-tp7579874.html >>> Sent from the Shiro User mailing list archive at Nabble.com. >>> >> >> >>
