Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-487

Session path parameter must be "JSESSIONID", not "jsessionid"

Agile BoardAttach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.2.2
    • None
    • Session Management, Web

    Description

      The DefaultWebSessionManager only looks for the session id in a path parameter with the name of "JSESSIONID" (all uppercase, not lowercase), and this cannot be configured. This should either be configurable, or just "jsessionid" (all lower case).

      The 3.0 servlet spec, section 7.1.3 states: "The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid." Other servlet containers (tomcat, jetty, etc) use "jsessionid" as the path parameter for session ids.

      Since path parameters really shouldn't be used, the query parameter is configurable, and changing our existing client code isn't that big of a deal, I'm marking this as a minor issue. Just thought I would record it.

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            tkent Terence Kent
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment