Don't use all upper case in your subject line. It's very annoying and equates to yelling over email. Bad form. Otherwise there is an option in web.xml to not use jsessionid attribute. Take a look at the documentation. I don't remember what this option is exactly.
On Jul 25, 2013, at 3:53 AM, Nagaraju Kurma <[email protected]> wrote: > http://localhost:8080/SomeProjecct/login;JSESSIONID=0df6336e-3372-44a1-8d8e-52c50defefd3 > > i would like to hide this jsession id from the url..... > > when is observe shiro security API it is stating like this > > > HttpServletResponse implementation to support URL Encoding of Shiro Session > IDs. > It is only used when using Shiro's native Session Management configuration > (and not when using the Servlet Container session configuration, which is > Shiro's default in a web environment). Because the servlet container already > performs url encoding of its own session ids, instances of this class are > only needed when using Shiro native sessions. > > Note that this implementation relies in part on source code from the Tomcat > 6.x distribution for encoding URLs for session ID URL Rewriting (we didn't > want to re-invent the wheel). Since Shiro is also Apache 2.0 license, all > regular licenses and conditions have remained in tact. > > > > but in anyways i am forced to hide the jsession id from url, please does > anybody issue the solution, > > > > very thankful to u :) > > > > > > -- > Regards, > > Nagaraju.
