At my work, we had the very same problem, but we resolved it.
Using Google Chrome, the application could not keep the session because its ID changed on almost every request. Meanwhile, Firefox didn't have the problem. The guy who had turned DefaultWebSessionManager on used an example from the web, which set the cookie name to "cookie".
He resolved it by changing the name of the cookie to another one, for example:
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = your.cookie
cookie.path = /
sessionManager.sessionIdCookie = $cookie
I expect this works for you.