Bajrang Asthana [https://community.jboss.org/people/bajrang_asthana] created the discussion
"Problem with jsession id" To view the discussion, visit: https://community.jboss.org/message/749886#749886 -------------------------------------------------------------- I need workaround for below- As I guess there is known issues with jsession id. JBoss does not genereate a new session id after logout(in the same brwoser) or browser uses same session id for all user's login. Session id is alive till max session period specified in web.xml. Actually I am using Seam framework, and while logout we call Seam.invalidateSession() method to invalidate session but after debuuging I found that browser was using same session id after logout and all the session variables are alive (that must be unbounded after logout). I have also tried Identity.instance().logout(), unfortunately it is also not working. I want to know how can we unbound all session varible and avoid session hijack or cookies theft. -------------------------------------------------------------- Reply to this message by going to Community [https://community.jboss.org/message/749886#749886] Start a new discussion in Beginner's Corner at Community [https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]
_______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
