Hi I'm using the typical JAAS + Form-based Login setup.
Is there any way to force invalidation of the current HttpSession & create a new one as part of the login process? This way:
1) Browser with expired session id (eg if user left browser at login page for >30min) will not have to login twice (because JAAS will reject the 1st attempt)
2) If user is silly enough to open 2 windows and login twice (either as same userid or different userid), I can invalidate the 1st window.
Right now since JAAS "j_security_check" takes over on form submit, I can't force a new session like I would normally thru a LoginServlet or Struts LoginAction.
Thanks a bunch!