1 Reply Latest reply on May 12, 2006 1:33 PM by Gavin King

    force new session ID, but don't invalidate session

    Andreas Berger Newbie


      is there a way to generate a new Session ID without invalidating the current session? I read some article about session hijacking, and the main conclusion was, to always generate a new session ID if the security level increase. So if a not logged in user already got a session and he's logging in, he should receive a new session Id.

      - Andreas