New HttpSession at login procedure / Session not recognized by the WebListener

lafr Oct 18, 2016 11:17 AM

I have a WebListener to trace session lieftime in order to collect usage statistics of our web application. We currenctly have WildFly 10.1 in place.

@WebListener
public class LicenseManager implements HttpSessionListener
{
    ...
}

When going to the start page a new web session is created and recognized by the listener.

As our web application is secured you get redirected to the login page.

        
HttpServletRequest request = (HttpServletRequest)ec.getRequest();
        
request.login( this.userSessionModel.getUsername(), this.userSessionModel.getPassword() );
        
this.activeSessions.updateSessionLoggedIn( request.getSession(), this.userSessionModel.getUsername() );

Looking at request.getSession().getId() here gives us a different sesion id and this session was not recognized by the web listener.

That's not what I expected to get.

What's goin on here?

1. Re: New HttpSession at login procedure / Session not recognized by the WebListener

ctomc Oct 18, 2016 4:06 PM (in response to lafr)

for security reasons session is changed / newly created once authentication is done.

you could customize this by implementing undertow ServletExtension
and set DeploymentInfo#changeSessionIdOnLogin
Actions