-
1. Re: Change session id when the user logs in.
amitev Nov 3, 2010 5:28 PM (in response to thiagorocha)Invalidate the session after the user loggs in.
-
2. Re: Change session id when the user logs in.
thiagorocha Nov 3, 2010 5:34 PM (in response to thiagorocha)i already did that.. and already tried to create a new one with .getSession(true) but its not working
-
3. Re: Change session id when the user logs in.
lvdberg Nov 4, 2010 5:59 AM (in response to thiagorocha)Hi,
loggin/out is something else as having a sesion with a specific server.So while you are connected to the same server, you while have the same session. So you need to
dis-connect
to achieve this. Can you give us the reason why you want to do this?If really needed you could use an additional filter.
Leo
-
4. Re: Change session id when the user logs in.
thiagorocha Nov 4, 2010 8:28 AM (in response to thiagorocha)
Leo van den Berg wrote on Nov 04, 2010 05:59:
Hi,
loggin/out is something else as having a sesion with a specific server.So while you are connected to the same server, you while have the same session. So you need todis-connect
to achieve this. Can you give us the reason why you want to do this?
If really needed you could use an additional filter.
LeoWell.. the documentation of the software i am developing says that i need to do this.
-
5. Re: Change session id when the user logs in.
mwohlf Nov 4, 2010 8:36 AM (in response to thiagorocha)changing sessionId is best practice against session fixation attacks, I never got this this work with seam 2, some say it is implemented in seam 3, see: https://jira.jboss.org/browse/JBSEAM-2450
-
6. Re: Change session id when the user logs in.
thiagorocha Nov 4, 2010 2:11 PM (in response to thiagorocha)based on my searches that seems to be a problem on Jboss Server.. thanks for the link Michael