whoops, missed the part where you say the JSESSIONID is appended to url *after *login. On glassfish it happens only when the *login page itself is displayed* both when logout redirects to login page or when navigation points to login page first time
-- View this message in context: http://shiro-user.582556.n2.nabble.com/Removing-JSESSIONID-xxx-from-the-url-after-login-tp7579370p7579383.html Sent from the Shiro User mailing list archive at Nabble.com.
