Shiro / SHIRO-487

Session path parameter must be "JSESSIONID", not "jsessionid"

Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.2.2
    • Fix Version/s: None
    • Component/s: Session Management, Web

    Description

      The DefaultWebSessionManager only looks for the session id in a path parameter with the name of "JSESSIONID" (all uppercase, not lowercase), and this cannot be configured. This should either be configurable, or just "jsessionid" (all lower case).

      The 3.0 servlet spec, section 7.1.3 states: "The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid." Other servlet containers (Tomcat, Jetty, etc.) use "jsessionid" as the path parameter for session ids.

      Since path parameters really shouldn't be used, the query parameter is configurable, and changing our existing client code isn't that big of a deal, I'm marking this as a minor issue. Just thought I would record it.

          People

            Assignee: Unassigned
            Reporter: Terence Kent (tkent)
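
The mismatch described in this report, as an added example that is not Shiro's code and not part of the original issue: a stand-alone path-parameter lookup with a configurable name and case handling. The class name, method name and sample URI are hypothetical and constructed for illustration.

```java
import java.util.Optional;

public class PathParamSessionId {

    /**
     * Returns the value of the ";name=value" path parameter in requestUri, if present.
     * ignoreCase controls whether the parameter name is matched case-insensitively.
     */
    static Optional<String> extract(String requestUri, String paramName, boolean ignoreCase) {
        // Drop any query string; path parameters live in the path only.
        int q = requestUri.indexOf('?');
        String path = q >= 0 ? requestUri.substring(0, q) : requestUri;

        String token = ";" + paramName + "=";
        for (int i = 0; i + token.length() <= path.length(); i++) {
            if (path.regionMatches(ignoreCase, i, token, 0, token.length())) {
                int start = i + token.length();
                int end = start;
                // The value ends at the next path parameter, path segment, or end of path.
                while (end < path.length()
                        && path.charAt(end) != ';'
                        && path.charAt(end) != '/') {
                    end++;
                }
                return end > start ? Optional.of(path.substring(start, end)) : Optional.empty();
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample: a URL rewritten with the lowercase name the servlet spec requires.
        String uri = "/app/account;jsessionid=3f9c1e7a-constructed?tab=1";

        // Exact-case lookup for the uppercase name, the behaviour the report describes.
        System.out.println(extract(uri, "JSESSIONID", false));
        // Lookup with the spec's lowercase name.
        System.out.println(extract(uri, "jsessionid", false));
        // Case-insensitive lookup, which accepts either spelling.
        System.out.println(extract(uri, "JSESSIONID", true));
    }
}
```

The first lookup finds nothing, so a request carrying a spec-compliant rewritten URL is treated as having no session; the other two return the id.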