Checkout https://shiro.apache.org/web.html#Web-NativeSessions
Disabling the Session Cookie If you do not want session cookies to be used, you can disable their use by configuring the sessionIdCookieEnabled property to false. For example: [main] ... securityManager.sessionManager.sessionIdCookieEnabled = false -- View this message in context: http://shiro-user.582556.n2.nabble.com/Making-shiro-authentication-authorization-works-without-using-cookies-tp7579659p7579793.html Sent from the Shiro User mailing list archive at Nabble.com.
