1 Reply Latest reply on Sep 2, 2009 5:34 AM by Jean-Frederic Clere

    Duplicate Session ID after invalidate

    Chris Miller Newbie

      I just upgraded from JBoss 4.0.5 to 5.1.0 and I'm experiencing some strange behavior. Our user login process calls HttpSession.invalidate() on any existing session, followed by HttpServletRequest.getSession(true) to create a new session for the new login.

      However, the getSession() call is returning the same session ID as the previous (invalidated) session, whereas every session ID is supposed to be unique. This causes problems when we insert the session ID into our database login history table, and means that the user can't log in a second time.

      Is there a reason why the server is re-using session IDs when it shouldn't?


      ...Chris Miller
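
The login sequence described in the post above, as an added example (not code from the poster or from JBoss) that also records whether the container handed back the old session ID. The class name `LoginSessionHelper`, the `loginId` attribute and the idea of keying the login-history row on a separately generated value are assumptions made for illustration; it compiles against the `javax.servlet` API that JBoss 5.1 ships.

```java
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: rotate the session at login and report ID reuse. */
public final class LoginSessionHelper {

    /** Outcome of the rotation, for the caller to log or persist. */
    public static final class Result {
        public final HttpSession session;
        public final String loginId;    // independent key for the login-history table
        public final boolean idReused;  // true if the new session kept the old ID

        Result(HttpSession session, String loginId, boolean idReused) {
            this.session = session;
            this.loginId = loginId;
            this.idReused = idReused;
        }
    }

    private LoginSessionHelper() { }

    public static Result startLoginSession(HttpServletRequest request) {
        // Capture the pre-login ID before invalidating; getId() on an
        // invalidated session is not guaranteed to work in every container.
        String oldId = null;
        HttpSession old = request.getSession(false);
        if (old != null) {
            oldId = old.getId();
            old.invalidate();
        }

        // Same call sequence as in the post: create the post-login session.
        HttpSession fresh = request.getSession(true);

        // A post-login session that keeps the pre-login ID means the rotation
        // did not change the identifier the client presents; surface that
        // to the caller instead of assuming uniqueness.
        boolean idReused = oldId != null && oldId.equals(fresh.getId());

        // Assumption: the history table is keyed on this value, which is
        // unique per login regardless of how the container assigns IDs.
        String loginId = UUID.randomUUID().toString();
        fresh.setAttribute("loginId", loginId);

        return new Result(fresh, loginId, idReused);
    }
}
```

A caller would log `idReused` at warning level and insert `loginId`, rather than `session.getId()`, into the login-history row.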