Googling further, I have come across the below web.xml settings.
<session-config>
<cookie-config>
<http-only>true</http-only>
<secure>true</secure>
</cookie-config>
</session-config>
Even after this I am seeing the same issue. Should we do any client-side
programming to resolve this? I see few posts, that have commented that, the
browser does automatic stripping of cookies. I have no clue if that is true,
and if so, what could be the possible solutions.
--
View this message in context:
http://shiro-user.582556.n2.nabble.com/Shiro-authentication-cache-does-not-work-when-security-is-enabled-tp7581053p7581057.html
Sent from the Shiro User mailing list archive at Nabble.com.
