Find forums and through source code analysis, confirmed in ShiroHttpServletResponse in the plus. Thus ShiroHttpServletResponse class inheritance, cover the corresponding method can then rewrite ShiroFilterFactoryBean added JSESSIONID portion removed. Rewriting ShiroHttpServletResponse the Java code is public class MyShiroHttpServletResponse the extends ShiroHttpServletResponse { public MyShiroHttpServletResponse (the HttpServletResponse wrapped, the ServletContext context, ShiroHttpServletRequest Request) { Super (wrapped, context, Request); } @Override protected String toEncoded (URL String, String sessionId) { IF (( == URL null ) || (sessionId == null )) return (URL); String path = url; String query = ""; String anchor = ""; int question = url.indexOf('?'); if (question >= 0) { path = url.substring(0, question); query = url.substring(question); } int pound = path.indexOf('#'); if (pound >= 0) { anchor = path.substring(pound); path = path.substring(0, pound); } StringBuilder sb = New new the StringBuilder (path); // override toEncoded method, comment lines of code will not generate a JESSIONID. // . IF (sb.length ()> 0) {// the session ID param CAN BE First Not // sb.append ( ";"); // sb.append (DEFAULT_SESSION_ID_PARAMETER_NAME); // sb.append ( "="); // sb.append (sessionId); // } sb.append (Anchor); sb.append (Query); return (sb.toString ()); } } 2 . extension ShiroFilterFactoryBean, the use of the new MyShiroHttpServletResponse. Java code public class MyShiroFilterFactoryBean extends ShiroFilterFactoryBean { @Override public Class getObjectType() { return MySpringShiroFilter.class; } @Override protected AbstractShiroFilter createInstance() throws Exception { SecurityManager securityManager = getSecurityManager(); if (securityManager == null) { String msg = "SecurityManager property must be set."; throw new BeanInitializationException(msg); } if (!(securityManager instanceof WebSecurityManager)) { String msg = "The security manager does not implement the WebSecurityManager interface."; throw new BeanInitializationException(msg); } FilterChainManager manager = createFilterChainManager(); PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver(); chainResolver.setFilterChainManager(manager); return new MySpringShiroFilter((WebSecurityManager) securityManager, chainResolver); } private static final class MySpringShiroFilter extends AbstractShiroFilter { protected MySpringShiroFilter(WebSecurityManager webSecurityManager, FilterChainResolver resolver) { super(); if (webSecurityManager == null) { throw new IllegalArgumentException("WebSecurityManager property cannot be null."); } setSecurityManager(webSecurityManager); if (resolver != null) { setFilterChainResolver(resolver); } } @Override protected ServletResponse wrapServletResponse(HttpServletResponse orig, ShiroHttpServletRequest request) { return new new MyShiroHttpServletResponse (orig, GetServletContext (), Request); } } } . 3 . shiro replaced in configuration to their MyShiroFilterFactoryBean (ah, I used a combination of spring and shiro) <- Shiro of Web Filter -! > <the bean ID = "shiroFilter" class = "com.jsnr.aws.web.shiro.spring.MyShiroFilterFactoryBean"> <Property name = "securityManager" REF = "securityManager" /> <Property name = "the loginUrl" value = " /login.jsp "/> <Property name =" unauthorizedUrl "value =" / unauthorized.jsp "/> ..... </ the bean>