Hello Team, I tried a lot and concluded with there is configuration as part of tomme *system.propeties*. But unfortunately this configuration is not working for me.
openejb.jsessionid-support = false http://tomee.apache.org/properties-listing.html Anybody is having any work around this? On Fri, Jul 10, 2015 at 2:26 PM, Nagaraju Kurma < [email protected]> wrote: > Hello Rui Tang, > > I am using the web container like apache tomme having the version like > *apache-tomee-plus-1.7.1* > > I think it is equivalent with apache tomcat with enhanced features having > application server behavior as follows > > Tomcat + Java EE = TomEE > > On Fri, Jul 10, 2015 at 1:31 PM, Rui Tang <[email protected]> wrote: > >> It's not about what the version number in web.xml, but the really servlet >> version that your container supports. If your container only supports >> servlet 2.5, the way you write the web.xml will not work. >> >> Can you tell me what your web container is? Tomcat or such as Weblogic? >> >> On Fri, Jul 10, 2015 at 3:55 PM, Nagaraju Kurma < >> [email protected]> wrote: >> >>> Hello Rui Tang, >>> >>> I am using servlet 3.0 only and my web.xml as follows. >>> >>> <web-app xmlns="http://java.sun.com/xml/ns/javaee"; xmlns:xsi=" >>> http://www.w3.org/2001/XMLSchema-instance"; >>> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee >>> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; >>> *version="3.0"*> >>> >>> Sorry i am not clear to implement this configuration my application as i >>> am not running any jetty configuration at all. >>> >>> Could you please elaborate the explanation towards configuration files >>> to hide the JSESSIONID in my simple spring & shiro based web application. >>> >>> >>> >>> >>> On Fri, Jul 10, 2015 at 12:58 PM, Rui Tang <[email protected]> wrote: >>> >>>> <session-config> is available for servlet 3.0. If you use web >>>> containers that support lower version, you have to config it via >>>> container's config. >>>> >>>> E.g. for jetty, >>>> http://www.eclipse.org/jetty/documentation/current/session-management.html >>>> >>>> On Fri, Jul 10, 2015 at 2:15 PM, Nagaraju Kurma < >>>> [email protected]> wrote: >>>> >>>>> Hello Team, >>>>> >>>>> Thanks for your valuable time spending. >>>>> >>>>> *1) Session Fixation* >>>>> >>>>> Implemented the same as the above link describes, Its working fine but >>>>> it is like out side of the framework and not developer friendly. As this >>>>> is >>>>> a high security concern some where we need to have a configuration as part >>>>> of shiro only. >>>>> >>>>> *2) Session Token in url* >>>>> >>>>> I am having one more question that on first request after session got >>>>> started *JSESSIONID *is appending in the url as follows >>>>> >>>>> >>>>> http://localhost:8080/myapp1/anon/login;JSESSIONID=c04cd50c-65fc-4448-9a27-732e6d40dfad >>>>> >>>>> This is also one of the security concern, How to resolve it? Anybody >>>>> having any work around about this? >>>>> >>>>> I am working with spring & shiro so i tried with the following >>>>> configuration but got failed. >>>>> >>>>> <session-config> >>>>> <tracking-mode>COOKIE</tracking-mode> >>>>> </session-config> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Fri, Jul 10, 2015 at 11:19 AM, Rui Tang <[email protected]> >>>>> wrote: >>>>> >>>>>> Here's an issue about this problem. >>>>>> >>>>>> https://issues.apache.org/jira/browse/SHIRO-170 >>>>>> >>>>>> Even though it hasn't been fixed, but in comment, there's some >>>>>> workaround. >>>>>> >>>>>> On Thu, Jul 9, 2015 at 1:26 PM, Nagaraju Kurma < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Team, >>>>>>> >>>>>>> Is there any workaround on this? >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Thanks & Regards >>>>>>> >>>>>>> Nagaraju Kurma >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> 唐睿 >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Thanks & Regards >>>>> >>>>> Nagaraju Kurma >>>>> >>>> >>>> >>>> >>>> -- >>>> 唐睿 >>>> >>> >>> >>> >>> -- >>> >>> Thanks & Regards >>> >>> Nagaraju Kurma >>> >> >> >> >> -- >> 唐睿 >> > > > > -- > > Thanks & Regards > > Nagaraju Kurma > -- Thanks & Regards Nagaraju Kurma
