The issue seems to have magically resolved itself: can't reproduce it. In general, do I need to set the max age of both the cookie and the session, or is it enough to set the max age of the cookie?
Thanks you so much for your help!! Regards, Harshdeep S Jawanda On 16 March 2017 at 21:29, Brian Demers <[email protected]> wrote: > I usually have url rewriting turned off due to session fixation, but if > you put a simple sample together, i bet we can help you out. > > On Thu, Mar 16, 2017 at 11:42 AM, Harshdeep S Jawanda <[email protected] > > wrote: > >> Btw, per my browser's settings, it does allow cookies. >> >> Sent from my Moto X2 >> >> On 16-Mar-2017 21:11, "Harshdeep S Jawanda" <[email protected]> wrote: >> >>> It does stop the exception from happening (a million thanks!!!), but now >>> there's a new issue: the redirection post -login (which was successful: the >>> correct username is printed in the logs) isn't working properly. >>> >>> Browser gives the message that the website is not redirecting properly. >>> The post-redirect URL (in browser's location bar) looks like: >>> example.com//;JSESSIONID=xyz (in this case it's supposed to redirect >>> back to homepage). I think it's the "//" part that might be causing the >>> problem. >>> >>> Investigating... >>> >>> Sent from my Moto X2 >>> >>> On 16-Mar-2017 20:37, "Brian Demers" <[email protected]> wrote: >>> >>> It should, give it a shot >>> >>> On Thu, Mar 16, 2017 at 10:49 AM, Harshdeep S Jawanda < >>> [email protected]> wrote: >>> >>>> >>>> On 16 March 2017 at 19:41, Brian Demers <[email protected]> wrote: >>>> >>>>> You can disable session validation: >>>>> https://shiro.apache.org/session-management.html#disabling-s >>>>> ession-validation >>>>> >>>>> >>>> And that should solve my problems when using DefaultWebSessionManager? >>>> >>>> Regards, >>>> Harshdeep S Jawanda >>>> >>> >>> >>> >
