Hi, I have resolved this by below stuff: Add Access-Control-Allow-Credentials in cors.exposed.headers and cors.allowed.origins set to * in web.xml.
Also, from UI Ajax call, xhr.withcredentials=true -- View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-authentication-cache-does-not-work-when-security-is-enabled-tp7581053p7581065.html Sent from the Shiro User mailing list archive at Nabble.com.
