Hello Team, After digging it into low level finally confirmed that the following configuration will not read the session configuration done in web.xml
*<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager"> * *</bean>* *<session-config> <tracking-mode>COOKIE</tracking-mode> </session-config>* If i replace *ServletContainerSessionManager* the above *DefaultWebSessionManager *then the following configuration got effected. *<bean id="sessionManager" class="org.apache.shiro.web.session.mgt.* *ServletContainerSessionManager* *"> **</bean>* *<session-config>* * <tracking-mode>COOKIE</tracking-mode>* * </session-config>* On Wed, Sep 17, 2014 at 9:52 PM, niels <[email protected]> wrote: > Thanks for the hint. I didn't found it via google. But I still think it > would > be good if shiro address this issue by providing a filter. > However I'm unsure if it's a good idea to disable url-encoding :-/ but it's > a workaround. > > The reason, why I think it's shiro issue, is the following: > - My app without security never has a session-id in the url. > - My app with spring security never has a session-idin the url. > - My app with shiro has the session-id in the url. > > I hope you can see the point. And I'm still not understand why the behavior > change. > > Regards > Niels > > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/JSESSIONID-in-URL-tp7580232p7580235.html > Sent from the Shiro User mailing list archive at Nabble.com. > -- Thanks & Regards Nagaraju Kurma
