Hello All, Why I'm asking here: we are using AbstractAuthenticatedWebSession
Recently we have received bug report [1] stating JSESSIONID is not being changed after authentication, can this lead to "stolen" login? I was unable to manually set this cookie to the known value Is this possible? sorry if I'm writing to the wrong list. [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1399 -- WBR Maxim aka solomax
