Every time I log into my application, I want the session to have a new session id. Currently if I close and open the browser, I'll get a new session id or else the session id will be the same even tough I am invalidating the session while logging out. Is there any solution for this? I'm using JBoss as my application server.
Any help is highly appreciated.
This might help someone, so posting a reply.
This is achieved by implementing a custom tomcat valve. Inside the tomcat valve, the logic is put for session id regeneration.