Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-487

Session path parameter must be "JSESSIONID", not "jsessionid"

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.2.2
    • Fix Version/s: None
    • Component/s: Session Management, Web
    • Labels:

      Description

      The DefaultWebSessionManager only looks for the session id in a path parameter with the name of "JSESSIONID" (all uppercase, not lowercase), and this cannot be configured. This should either be configurable, or just "jsessionid" (all lower case).

      The 3.0 servlet spec, section 7.1.3 states: "The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid." Other servlet containers (tomcat, jetty, etc) use "jsessionid" as the path parameter for session ids.

      Since path parameters really shouldn't be used, the query parameter is configurable, and changing our existing client code isn't that big of a deal, I'm marking this as a minor issue. Just thought I would record it.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tkent Terence Kent
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: