Shiro
  1. Shiro
  2. SHIRO-351

Shiro Native Session implementation cannot extract JSESSIONID From URL if JSESSIONID is URL parameter (not HTTP parameter)

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.2.0
    • Fix Version/s: 1.2.2, 1.3.0
    • Component/s: Web
    • Labels:
      None
    • Environment:
      N/A

      Description

      The background for this issue is here:

      http://shiro-user.582556.n2.nabble.com/Shiro-Native-Sessions-quot-JSESSIONID-quot-or-quot-JSESSIONID-quot-td7367217.html

      In summary the issue is that Shiro supports extracting JSESSIONID from urls of this format:

      http://www.mycompany.com/myResource?JSESSIONID=ABCDEF

      but not of this format (this URL format is generated by HTTPServletResponse encodeURL method and is Servlet specification 2.5 compliant):

      http://www.mycompany.com/myResource;JSESSIONID=ABCDEF

      Shiro should be able to support both URL formats.

        Activity

        Gareth Collins created issue -
        Les Hazlewood made changes -
        Field Original Value New Value
        Status Open [ 1 ] Resolved [ 5 ]
        Fix Version/s 1.2.2 [ 12323469 ]
        Fix Version/s 1.3.0 [ 12317961 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Gareth Collins
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development