It's not about what the version number in web.xml, but the really servlet version that your container supports. If your container only supports servlet 2.5, the way you write the web.xml will not work.
Can you tell me what your web container is? Tomcat or such as Weblogic? On Fri, Jul 10, 2015 at 3:55 PM, Nagaraju Kurma < [email protected]> wrote: > Hello Rui Tang, > > I am using servlet 3.0 only and my web.xml as follows. > > <web-app xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:xsi=" > http://www.w3.org/2001/XMLSchema-instance"; > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; > *version="3.0"*> > > Sorry i am not clear to implement this configuration my application as i > am not running any jetty configuration at all. > > Could you please elaborate the explanation towards configuration files to > hide the JSESSIONID in my simple spring & shiro based web application. > > > > > On Fri, Jul 10, 2015 at 12:58 PM, Rui Tang <[email protected]> wrote: > >> <session-config> is available for servlet 3.0. If you use web containers >> that support lower version, you have to config it via container's config. >> >> E.g. for jetty, >> http://www.eclipse.org/jetty/documentation/current/session-management.html >> >> On Fri, Jul 10, 2015 at 2:15 PM, Nagaraju Kurma < >> [email protected]> wrote: >> >>> Hello Team, >>> >>> Thanks for your valuable time spending. >>> >>> *1) Session Fixation* >>> >>> Implemented the same as the above link describes, Its working fine but >>> it is like out side of the framework and not developer friendly. As this is >>> a high security concern some where we need to have a configuration as part >>> of shiro only. >>> >>> *2) Session Token in url* >>> >>> I am having one more question that on first request after session got >>> started *JSESSIONID *is appending in the url as follows >>> >>> >>> http://localhost:8080/myapp1/anon/login;JSESSIONID=c04cd50c-65fc-4448-9a27-732e6d40dfad >>> >>> This is also one of the security concern, How to resolve it? Anybody >>> having any work around about this? >>> >>> I am working with spring & shiro so i tried with the following >>> configuration but got failed. >>> >>> <session-config> >>> <tracking-mode>COOKIE</tracking-mode> >>> </session-config> >>> >>> >>> >>> >>> >>> >>> >>> On Fri, Jul 10, 2015 at 11:19 AM, Rui Tang <[email protected]> wrote: >>> >>>> Here's an issue about this problem. >>>> >>>> https://issues.apache.org/jira/browse/SHIRO-170 >>>> >>>> Even though it hasn't been fixed, but in comment, there's some >>>> workaround. >>>> >>>> On Thu, Jul 9, 2015 at 1:26 PM, Nagaraju Kurma < >>>> [email protected]> wrote: >>>> >>>>> Hi Team, >>>>> >>>>> Is there any workaround on this? >>>>> >>>>> -- >>>>> >>>>> Thanks & Regards >>>>> >>>>> Nagaraju Kurma >>>>> >>>> >>>> >>>> >>>> -- >>>> 唐睿 >>>> >>> >>> >>> >>> -- >>> >>> Thanks & Regards >>> >>> Nagaraju Kurma >>> >> >> >> >> -- >> 唐睿 >> > > > > -- > > Thanks & Regards > > Nagaraju Kurma > -- 唐睿
