Our server always picks up the old JSESSIONID when creating a new user session if a JSESSIONID cookie has been passed - waiting for the Basis team to solve it.
I tried to set the JSESSIONID cookie to expired before displaying the login screen, but failed. I just wonder whether I can block the JSESSIONID cookie in an Interceptor, so that this cookie would not get to the authentication action - the server would create a new sessionId for the new user session. If that is impossible, could someone point me to the light?

Issue I face: Even if I use the following code in the Authentication action class after the credential check, the application server still uses the old JSESSIONID for the new session.

    //invalidate the existing session and create a new one
    ((org.apache.struts2.dispatcher.SessionMap<String,Object>) session).invalidate();
    session = ActionContext.getContext().getSession();

Thanks,
Peter
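
An added example, not part of the original post: a servlet-level session rotation for the step after the credential check that verifies the container really issued a new id, so the reuse behaviour described above fails closed instead of silently carrying a pre-login JSESSIONID into the authenticated session. The class name `SessionRotation` is hypothetical, the `javax.servlet` API and a cookie scoped to the context path are assumptions, and in a Struts 2 action the request and response would come from `ServletActionContext.getRequest()` and `ServletActionContext.getResponse()`.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical helper (not from the post): call it right after the credential check succeeds.
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Invalidates the pre-login session, asks the container for a new one and
     * verifies that the session id actually changed.
     */
    public static HttpSession rotate(HttpServletRequest request, HttpServletResponse response) {
        HttpSession old = request.getSession(false);
        // Fall back to the id the client sent when no server-side session exists yet.
        String oldId = (old != null) ? old.getId() : request.getRequestedSessionId();
        if (old != null) {
            old.invalidate();
        }

        HttpSession fresh = request.getSession(true);
        if (oldId != null && oldId.equals(fresh.getId())) {
            // The container reused the client-supplied id (the behaviour described in the post).
            // Refuse to bind the authenticated user to it and ask the browser to drop the cookie.
            fresh.invalidate();
            expireSessionCookie(request, response);
            throw new IllegalStateException("Session id was not regenerated after login");
        }
        return fresh;
    }

    /** Tells the browser to discard JSESSIONID so the next request arrives without it. */
    static void expireSessionCookie(HttpServletRequest request, HttpServletResponse response) {
        Cookie cookie = new Cookie("JSESSIONID", "");
        String path = request.getContextPath();
        // Assumption: the session cookie was issued for the context path ("/" for the root app).
        cookie.setPath(path.isEmpty() ? "/" : path);
        cookie.setMaxAge(0);
        response.addCookie(cookie);
    }
}
```

The caller should treat the exception as a failed login and redirect back to the login page; any Struts 2 `SessionMap` obtained before the call refers to the invalidated session and has to be fetched again afterwards.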