Terence Kent created SHIRO-487:
----------------------------------
Summary: JSESSIONID is not configurable as path parameter, only as
a query parameter
Key: SHIRO-487
URL: https://issues.apache.org/jira/browse/SHIRO-487
Project: Shiro
Issue Type: Bug
Components: Session Management, Web
Affects Versions: 1.2.2
Reporter: Terence Kent
Priority: Minor
The DefaultWebSessionManager only looks for the session id in a path parameter
with the name of "JSESSIONID" (all uppercase, not lowercase), and this cannot
be configured. This should either be configurable, or just "jsessionid" (all
lower case).
The 3.0 servlet spec, section 7.1.3 states: "The session ID must be encoded as
a path parameter in the URL string. The name of the parameter must be
jsessionid." Other servlet containers (tomcat, jetty, etc) use "jsessionid" as
the path parameter for session ids.
Since path parameters really shouldn't be used, the query parameter *is*
configurable, and changing our existing client code isn't that big of a deal,
I'm marking this as a minor issue. Just thought I would record it.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
