This is an automated email from the ASF dual-hosted git repository. lprimak pushed a commit to branch ee-session-tracking in repository https://gitbox.apache.org/repos/asf/shiro-site.git
commit 4db65143e39ea1d662e934688449cd3b2608cea5 Author: lprimak <[email protected]> AuthorDate: Thu Oct 2 18:32:21 2025 -0500 enh: added docs about URL session tracking configuration options in Jakarta EE integration module --- src/site/content/jakarta-ee.adoc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc index 6cf77973a..3d20d9ab4 100644 --- a/src/site/content/jakarta-ee.adoc +++ b/src/site/content/jakarta-ee.adoc @@ -180,6 +180,22 @@ The module adds `ShiroFilter` to the Servlet configuration. For most cases, the </filter-mapping> ... other filters ... ---- +Ordinarily, Jakarta EE integration module will remove URL session tracking mode from the configuration, overriding any other session tracking configuration specified in `web.xml`. This is to align with good security practices. If URL tracking mode is desired, add the following to `web.xml`: +[source,xml] +---- +<context-param> + <param-name>org.apache.shiro.ee.enable-url-session-tracking</param-name> + <param-value>true</param-value> +</context-param> +---- +If no manipulation of session tracking modes is desired at all, add the following to `web.xml`: +[source,xml] +---- +<context-param> + <param-name>org.apache.shiro.ee.session-tracking-configuration.disabled</param-name> + <param-value>true</param-value> +</context-param> +---- ==== Shiro.ini file locations The module finds shiro.ini in the same manner as link:web.html#custom_configuration_locations[Web Configuration] (WEB-INF/shiro.ini by default). Additionally, configuration is enhanced to merge two separate configuration files:
