SAP Netweaver Java AS. We have up to date version 7.30
On Thu, Apr 4, 2013 at 9:45 AM, Antonios Gkogkakis wrote:
> What application server are you using? I remember some people having issues
> with session ids with spring security in jboss.
>
> On 4 April 2013 15:36, Pete
the existing session but does not create a new one.
>
> To create a new session you have to call request.getSession(true); on the
> HttpServletRequest, Struts will do that for you if you attempt to put
> something in the invalidated session using ActionContext.getContext().
> getSession(
x27;t know how your server will work, but I
> assume it will not sent any cookie back to the client, and therefore the
> browser will still have the old JSESSIONID and sent it to the server on
> every request(until a new session is created or the browser is closed).
>
> JL
>
>
Thanks, Martins. CreateSessionInterceptor is not the answer for my case. My
authentication action class already implements SessionAware, the SessionMap
is available for use. My problem is after authentication, I would like to
clear existing user session, and create a new one, in which I would store
Due to our server always picks up the old JSESSIONID for creating a new
user session if a cookie JSESSIONID has been passed - Waiting for Basis
team to solve it.
I tried to set the cookie JSESSIONID to expired before display the login
screen, but failed. I just wonder can I block the JSESSIONID co
5 matches
Mail list logo
