Hello,
is there a way to generate a new Session ID without invalidating the current session? I read some article about session hijacking, and the main conclusion was, to always generate a new session ID if the security level increase. So if a not logged in user already got a session and he's logging in, he should receive a new session Id.
cheers
- Andreas
No idea, but it's a Tomcat question...