-
-
2. Re: Change session id when the user logs in.
i already did that.. and already tried to create a new one with .getSession(true) but its not working
-
3. Re: Change session id when the user logs in.
Hi,
loggin/out is something else as having a sesion with a specific server.So while you are connected to the same server, you while have the same session. So you need to
dis-connect
to achieve this. Can you give us the reason why you want to do this?If really needed you could use an additional filter.
Leo
-
4. Re: Change session id when the user logs in.
Leo van den Berg wrote on Nov 04, 2010 05:59:
Hi,
loggin/out is something else as having a sesion with a specific server.So while you are connected to the same server, you while have the same session. So you need todis-connect
to achieve this. Can you give us the reason why you want to do this?
If really needed you could use an additional filter.
LeoWell.. the documentation of the software i am developing says that i need to do this.
-
5. Re: Change session id when the user logs in.
changing sessionId is best practice against session fixation attacks, I never got this this work with seam 2, some say it is implemented in seam 3, see: https://jira.jboss.org/browse/JBSEAM-2450
-
6. Re: Change session id when the user logs in.
based on my searches that seems to be a problem on Jboss Server.. thanks for the link Michael
