I have a WebListener to trace session lieftime in order to collect usage statistics of our web application. We currenctly have WildFly 10.1 in place.
@WebListener public class LicenseManager implements HttpSessionListener { ... }
When going to the start page a new web session is created and recognized by the listener.
As our web application is secured you get redirected to the login page.
Login is done in one of our classes.
HttpServletRequest request = (HttpServletRequest)ec.getRequest(); request.login( this.userSessionModel.getUsername(), this.userSessionModel.getPassword() ); this.activeSessions.updateSessionLoggedIn( request.getSession(), this.userSessionModel.getUsername() );
Looking at request.getSession().getId() here gives us a different sesion id and this session was not recognized by the web listener.
That's not what I expected to get.
What's goin on here?
for security reasons session is changed / newly created once authentication is done.
you could customize this by implementing undertow ServletExtension
and set DeploymentInfo#changeSessionIdOnLogin