[
https://issues.apache.org/jira/browse/OWB-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
chunlinyao updated OWB-757:
---------------------------
Description:
Tomcat has Session Fixation Protection, upon user login the sessionId will
change.
SessionContextManager track sessionContext by sessionId, which will cause
sessionContext not found when sessionId changed.
Can we put the sessionId in the session. and get it from session failback to
session.getId()
UPDATE:
Sorry it's not related to SessionContextManager, I am using TomEE , the
sessionId is provided by TomEE's
CdiAppContextsService
was:
Tomcat has Session Fixation Protection, upon user login the sessionId will
change.
SessionContextManager track sessionContext by sessionId, which will cause
sessionContext not found when sessionId changed.
Can we put the sessionId in the session. and get it from session failback to
session.getId()
> Tomcat has Session Fixation Protection, will change sessionId upon login,
> cause sessionScope lost
> -------------------------------------------------------------------------------------------------
>
> Key: OWB-757
> URL: https://issues.apache.org/jira/browse/OWB-757
> Project: OpenWebBeans
> Issue Type: Improvement
> Components: Context and Scopes
> Affects Versions: 1.1.6
> Reporter: chunlinyao
> Priority: Minor
>
> Tomcat has Session Fixation Protection, upon user login the sessionId will
> change.
> SessionContextManager track sessionContext by sessionId, which will cause
> sessionContext not found when sessionId changed.
> Can we put the sessionId in the session. and get it from session failback to
> session.getId()
> UPDATE:
> Sorry it's not related to SessionContextManager, I am using TomEE , the
> sessionId is provided by TomEE's
> CdiAppContextsService
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
