2 Replies Latest reply on Jun 5, 2018 7:15 AM by Abhinav Gupta

    Jsession id remains same post login

    Abhinav Gupta Novice


      with reference to thread already JSESSION ID is not changing after authentication  , I see that Wildfly10 is supposed to have this fix.

      we are on WF10  , but behaviour is same.


      Can someone help us , if we need to enable this via some properties on undertow ? or this is something missed out from 10 ?


      PS : I see such requests are rejected in past  :    ; is it the current case well ? [AS7-5315] It's not possible to regenerate SessionID preventing Session Fixation attack - JBoss Issue Tracker