FYI: In order for that directive to work you must be using servlet 3.0 or higher in your web.xml.

On 15 Apr 2014 23:53, "Lenny Primak" wrote:
> If you are using Servlet session management (not Shiro native)
> this shouldn't be a problem:
>
> Try plugging this into your web.xml:
> <session-config>
>     <tracking-mode>COOKIE</tracking-mode>
> </session-config>
>
> Excerpt from Shiro documentation:
>
> HttpServletResponse implementation to support URL Encoding of Shiro
> Session IDs.
> It is only used when using Shiro's native Session Management configuration
> (and not when using the Servlet Container session configuration, which is
> Shiro's default in a web environment). Because the servlet container
> already performs url encoding of its own session ids, instances of this
> class are only needed when using Shiro native sessions.
> Note that this implementation relies in part on source code from the
> Tomcat 6.x distribution for encoding URLs for session ID URL Rewriting (we
> didn't want to re-invent the wheel). Since Shiro is also Apache 2.0
> license, all regular licenses and conditions have remained intact.
>
> Since: 0.2
>
>
> On Apr 15, 2014, at 5:30 PM, Dominic Farr wrote:
>
> adding the session id to the url is a fall back because the server isn't
> sure the browser allows cookies at the time of session creation. and
> although ; is a valid separator in the http spec, it does break spring
> urls.
>
> do you front your shiro app with a web server like apache or nginx? if
> you do, you can add a rewrite rule that removes jsessionid.
> eg.
>
> ReWriteRule ^(.*);JSESSIONID=.*$ $1 [L,R=301]
>
> this rule isn't production ready, so please examine it before use.
>
>
> On 15 April 2014 20:59, Anton wrote:
>
>> Good day, everybody.
>>
>> ShiroHttpServletResponse has an overridden encodeURL(String url) method,
>> which adds the JSESSIONID parameter to the URLs.
>> So all links in an HTML page inserted using Spring macros (spring.url etc.)
>> become invalid.
>>
>> This happens on the first request, when the cookie with the session id is
>> not set yet.
>>
>> The aforementioned method encodeURL uses isEncodeable, which looks like:
>>
>> protected boolean isEncodeable(final String location) {
>>
>>     if (location == null)
>>         return (false);
>>
>>     // Is this an intra-document reference?
>>     if (location.startsWith("#"))
>>         return (false);
>>
>>     // Are we in a valid session that is not using cookies?
>>     final HttpServletRequest hreq = request;
>>     final HttpSession session = hreq.getSession(false);
>> 1)  if (session == null)
>>         return (false);
>> 2)  if (hreq.isRequestedSessionIdFromCookie())
>>         return (false);
>>
>>     return doIsEncodeable(hreq, session, location);
>> }
>>
>> 1) A session has already been created, so session != null
>> 2) but it's a brand new session, so hreq.isRequestedSessionIdFromCookie()
>> == false
>> As a result, the URL will be encoded even though cookies are used.
>>
>> Is it a bug, or have I misunderstood something?
>> Please help :)
>>
>> --
>> View this message in context:
>> http://shiro-user.582556.n2.nabble.com/Problem-with-JSESSIONID-tp7579874.html
>> Sent from the Shiro User mailing list archive at Nabble.com.
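
Where the Servlet 3.0 `<tracking-mode>` directive mentioned in this thread is not available, a response-wrapping filter is one way to keep session IDs out of generated URLs, which also keeps them out of Referer headers, proxy logs and bookmarks. This is an added example, not code from the thread or from Shiro; the class name `NoUrlSessionIdFilter` is hypothetical, and it assumes the `javax.servlet` API and that the filter is mapped after the Shiro filter so that application code sees this wrapper.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/** Hypothetical filter (added example): never append a session ID to generated URLs. */
public class NoUrlSessionIdFilter implements Filter {

    @Override
    public void init(FilterConfig config) { /* no configuration needed */ }

    @Override
    public void destroy() { /* nothing to release */ }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(res instanceof HttpServletResponse)) {
            chain.doFilter(req, res);   // non-HTTP traffic: pass through untouched
            return;
        }
        // Everything further down the chain (views, Spring macros) sees the wrapper.
        chain.doFilter(req, new NoEncodeResponse((HttpServletResponse) res));
    }

    /** Returns every URL unchanged, so the session ID travels only in the cookie. */
    private static final class NoEncodeResponse extends HttpServletResponseWrapper {
        NoEncodeResponse(HttpServletResponse response) { super(response); }

        @Override public String encodeURL(String url) { return url; }
        @Override public String encodeRedirectURL(String url) { return url; }

        // The deprecated spellings still exist in the javax.servlet API and
        // delegate to the wrapped response unless they are overridden too.
        @Override @Deprecated public String encodeUrl(String url) { return url; }
        @Override @Deprecated public String encodeRedirectUrl(String url) { return url; }
    }
}
```

With this in place a client that refuses cookies cannot keep a session at all, which is the same trade-off as `<tracking-mode>COOKIE</tracking-mode>`.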
