Thanks for following up David!
On Mon, Apr 12, 2021 at 9:54 AM David Stutzman <[email protected]> wrote:
> Actually that created another error:
> 09:44:53,127 WARNING
> [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-7)
> #{login.login()}: java.lang.IllegalStateException: UT010033: No session:
> javax.faces.FacesException: #{login.login()}:
> java.lang.IllegalStateException: UT010033: No session
>
> What appears to have fixed it for us is adding to the web.xml:
> <session-config>
> <tracking-mode>COOKIE</tracking-mode>
> </session-config>
>
> Which appears to accomplish the same thing of getting the container to
> NOT write the jsessionid into the url and then have Shiro block it due
> to the semicolon. It's quite possible we have other settings/setup that
> are getting in the way of turning off the url rewriting from within
> Shiro. Either way...we are back to a fully working setup as far as I
> can tell.
>
> Thanks,
> Dave
>
> On 4/8/2021 1:41 PM, Brian Demers wrote:
> > Hi David!
> >
> > Can you try making sure session rewriting is disabled:
> >
> > securityManager.sessionManager.sessionIdUrlRewritingEnabled
> >
> >
> https://github.com/apache/shiro/blob/a85dfcd8629294cd1c6bc3cdd34cbebb94e09662/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini#L29
> > <
> https://github.com/apache/shiro/blob/a85dfcd8629294cd1c6bc3cdd34cbebb94e09662/samples/servlet-plugin/src/main/webapp/WEB-INF/shiro.ini#L29
> >
> >
> > This could also be happing from your servlet container (but my guess
> > is the above will fix your issue).
> >
> > Let us know!
>
