In my application I updated only the Shiro library, from shiro-all-1.2.3.jar to shiro-all-1.7.0.jar. I did not change any other libraries, nor configuration files, other than the build path to refer to the new Shiro library.
Users that were able to login before, are now not able to. Digging in the log files, it shows that the users do actually get logged in, and a session is associated with them. Watching the session cookie in the browser. When the user tries to log in, the initial session cookie that is shown in the browser is the same as one recorded in the logs. This initial session cookie gets replaced immediately with a different one. Therefore the user cannot login into the application. Printing out all the active sessions: three sessions are displayed, and only the initial session is associated with the user. One of the other two sessions is the one displayed in the browser. Trying to figure what's happening and what causes this. Trying to figure out what settings do I need to change, to make the application work as before. Thanks a bunch! -Alina. -- Sent from: http://shiro-user.582556.n2.nabble.com/
