2 Replies Latest reply on Nov 4, 2007 9:18 PM by tak mura

    Is it possible to create a new Session ID using session.inva

    tak mura Newbie

      For the following code?I was able to create a new Session ID under Tomcat5.5.
      However, Session ID was the same under JBoss4.21GA.

      session = request.getSession(true);
       out.println("session id=" + session.getId());
      
       request.getSession(true).invalidate();
       session = request.getSession(true);
       out.println("session id=" + session.getId());



      To prevent Session Fixation Attack , I hope to create a new Session ID after the Login process.

      If it is possible, could you please tell me the way ?

      Thank you.