Hi! I recently upgraded from Shiro 1.13 to 2.0.5. Basically all went fine and my existing web-application is working as expected. Many thanks for your hard work, especially for the EE- and CDI-integration!
However, I found out, that when I added shiro-jakarta-ee as a dependency,
the session-tracking-modes from my web-application changed from {COOKIE,
URL} to {COOKIE} only.
After some investigation I found that
org.apache.shiro.ee.listeners.EnvironmentLoaderListener explicitly sets
this at the end of the contextInitialized() method:
https://github.com/apache/shiro/blob/bfda5a280922fe536fd218206297be4da8c80621/support/jakarta-ee/src/main/java/org/apache/shiro/ee/listeners/EnvironmentLoaderListener.java#L83
I'm wondering is this by intention? What's the reason behind this?
(Yes, I know session-tracking via URL is not recommended, but that's not
the point here. One can configure it via web.xml but shiro overwrites
this configuration.)
Best regards,
- martin
pgpspj8q0oKm0.pgp
Description: Digitale Signatur von OpenPGP
