0 Replies Latest reply on Oct 4, 2011 7:07 AM by sureshtechspot

    creating new session id after login - Jboss 5.1.0

    sureshtechspot Newbie

      Hi,

       

        Recently I was asked to do a session fixation protection to our intranet web application which is running in jboss 5.1.0.  The solution for this is to geneate a new session id after successful login.

       

      So I searched the forum for any solution, not successful. But what I understood si with the  jboss / tomcat we can't do any thing so that it will be taken care by the AS. I need to write a Valve to do the job. Means for login request invalidate the existing session and genetate a new session and id in the Valve implementation.

       

      If I am going for Valve I need to depend on the JBoss library, which I don't want. Can  any one suggest any solution or Valve is the only solution?.

       

      Urgent help is required. Thanks in adavance.

       

      -Suresh