Hi, A user is having problems with a Grails application + Shiro plugin:
http://jira.codehaus.org/browse/GRAILSPLUGINS-1742 Basically, whenever the flash is modified, his session is dropped. I've debugged through the code and it seems that even in native mode, Shiro is using the JSESSIONID cookie. I don't know why it's happening, but the JSESSIONID cookie changes to the usual hash after the flash is modified. Perhaps a bug in Grails, but isn't it a bit dangerous to hijack the JSESSIONID cookie for our own purposes? Cheers, Peter
