2 Replies Latest reply on Jun 5, 2018 7:15 AM by Abhinav Gupta

    Jsession id remains same post login

    Abhinav Gupta Novice

      Hello,

      With reference to the existing thread "JSESSION ID is not changing after authentication", I see that WildFly 10 is supposed to have this fix.

      We are on WF10, but the behaviour is the same.

       

      Can someone help us: do we need to enable this via some properties on Undertow, or is this something that was missed out from 10?

       

      PS: I see such requests were rejected in the past: [AS7-5315] It's not possible to regenerate SessionID preventing Session Fixation attack - JBoss Issue Tracker. Is that the current case as well?

       

      Thanks,

      Abhinav
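
One way to confirm the behaviour reported in the post above, as an added example that is not part of the original thread: compare the `JSESSIONID` issued before login with the one in the response to the login request. The function names, the sample header values and the handling of a `.route` suffix on the cookie value are assumptions made for this sketch.

```python
from http.cookies import SimpleCookie

def session_id(set_cookie_headers, name="JSESSIONID"):
    """Return the last value set for `name` across Set-Cookie header values, or None."""
    value = None
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            value = jar[name].value
    return value

def strip_route(sid):
    # Assumption: the server may append ".<route>" to the id for load balancing.
    # A changed route with the same id part is NOT a regenerated session.
    return sid.split(".", 1)[0]

def rotated_on_login(pre_login_headers, post_login_headers, name="JSESSIONID"):
    """True only if the login response issued a session id different from the pre-login one."""
    before = session_id(pre_login_headers, name)
    after = session_id(post_login_headers, name)
    if before is None:
        raise ValueError("no session cookie before login; nothing to compare")
    if after is None:
        # No new cookie in the login response: the browser keeps the old id.
        return False
    return strip_route(before) != strip_route(after)

# Constructed sample headers (not captured from a real server).
PRE_LOGIN = ["JSESSIONID=aaa111.node1; path=/app; HttpOnly"]
POST_LOGIN_NO_COOKIE = []
POST_LOGIN_SAME_ID_NEW_ROUTE = ["JSESSIONID=aaa111.node2; path=/app; HttpOnly"]
POST_LOGIN_NEW_ID = ["JSESSIONID=bbb222.node1; path=/app; HttpOnly"]

if __name__ == "__main__":
    for label, post in [
        ("no cookie in login response", POST_LOGIN_NO_COOKIE),
        ("same id, new route", POST_LOGIN_SAME_ID_NEW_ROUTE),
        ("new id", POST_LOGIN_NEW_ID),
    ]:
        state = "rotated" if rotated_on_login(PRE_LOGIN, post) else "NOT rotated"
        print(f"{label}: {state}")
```
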