https://bz.apache.org/bugzilla/show_bug.cgi?id=60854
--- Comment #4 from Jan Engehausen <[email protected]> --- I see. I need to run this by my colleagues, hope it is okay to keep open until tomorrow. I would argue that in the case where authentication and session creation occur in the same request it would not be right to change the session ID on the second request (where no authentication occurs). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
