Actually that created another error:
09:44:53,127 WARNING
[javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-7)
#{login.login()}: java.lang.IllegalStateException: UT010033: No session:
javax.faces.FacesException: #{login.login()}:
java.lang.IllegalStateException: UT010033: No session
What appears to have fixed it for us is adding to the web.xml:
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Which appears to accomplish the same thing of getting the container to
NOT write the jsessionid into the url and then have Shiro block it due
to the semicolon. It's quite possible we have other settings/setup that
are getting in the way of turning off the url rewriting from within
Shiro. Either way...we are back to a fully working setup as far as I
can tell.
Thanks,
Dave
On 4/8/2021 1:41 PM, Brian Demers wrote:
Hi David!
Can you try making sure session rewriting is disabled:
securityManager.sessionManager.sessionIdUrlRewritingEnabled
https://github.com/apache/shiro/blob/a85dfcd8629294cd1c6bc3cdd34cbebb94e09662/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini#L29
<https://github.com/apache/shiro/blob/a85dfcd8629294cd1c6bc3cdd34cbebb94e09662/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini#L29>
This could also be happing from your servlet container (but my guess
is the above will fix your issue).
Let us know!