Hi All, My project will use the JAAS for authentication in JBOSS5.1,and want to fix the session fixation in customized login module,
my solution is : after authentication check using request.getSession(false).invalidate();request.getSession(true); but the result is not as my expected ,it's raised a 400 error page HTTP Status 400 - Invalid direct reference to form login page How Can I enable Session Fixation Protection in JBOSS5.1 with JAAS Authentication? Best Regards! -- William Huang _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
