We are using JBoss EAP 6.4.0 GA.
We have a security constraint: our application is not changing the JSessionId after successful login.
The session ID is the same before and after login.
I tried a couple of solutions/combinations like the ones below, but they didn't work out.
Added the below values in standalone.xml:
<property name="org.apache.catalina.authenticator.AuthenticatorBase.CHANGE_SESSIONID_ON_AUTH" value="true"/>
<property name="org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR" value="false"/>
We are using Oracle Ecommerce (ATG) as our framework, which is deployed in JBoss.
Kindly provide suggestions to resolve this session fixation problem.
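
An added example, not part of the original post and not ATG or JBoss code: one way to rotate the session ID in application code immediately after credentials are verified, written against the Servlet 3.0 API (which has no `changeSessionId()`). `SessionRotation` and `rotate` are hypothetical names, and the sketch assumes the login is handled by application code and that session state lives in plain session attributes.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper for illustration; not part of ATG or JBoss. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Call right after the credentials check succeeds and before any
     * authenticated state is written to the session.
     * Returns the fresh session, which carries a new ID.
     */
    public static HttpSession rotate(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        Map<String, Object> saved = new HashMap<String, Object>();
        String oldId = null;

        if (old != null) {
            oldId = old.getId();
            // Copy pre-login state (cart, locale, ...) before invalidating.
            for (String name : Collections.list(old.getAttributeNames())) {
                saved.put(name, old.getAttribute(name));
            }
            // Invalidation makes the pre-login ID useless to anyone who knew it.
            old.invalidate();
        }

        // The container issues a new ID and a new session cookie here.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }

        // Fail closed if the container handed back the same ID.
        if (oldId != null && oldId.equals(fresh.getId())) {
            throw new IllegalStateException("session ID was not rotated at login");
        }
        return fresh;
    }
}
```

Attributes that implement `HttpSessionBindingListener` receive an unbound callback when the old session is invalidated, so anything that releases resources in that callback needs to be re-created rather than copied.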