Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-9533

JBOSS Not creating new session id for session.getSession(true)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Critical
    • None
    • JBossAS-4.2.0.GA
    • Security
    • None

    Description

      I am using JBOSS 4.2 GA. I am able to fix the session id on the application server. JBOSS is not validating the JSESSIONID value, whether it is generated by itself or not. So, i thought of explicitly invalidating the existing session and create a new session using httpServletRequest.getSession(true) during the login action.JBOSS still returns the old jsession id .
      Is this a limitation in jboss??? I also checked the emptySessionPath in server.xml and the value is "true" for HTTP,HTTPS and AJP Connectors.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            altafshussain Altaf Hussain (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: