On 18.07.12 19:58, Asha N wrote:
> * Tomcat7 by default has it turned on, but it does not work. We have another
> system with Spring instead. That generates a new jsessionid without any
> issues.
> * I tried the following code just before the user gets authenticated via:
> TurbineSecurity.getAuthenticatedUser(username, password);
> my code:
> HttpSession session = data.getRequest().getSession(false);
> if (session!=null && !session.isNew()) {
> session.invalidate();
> }
>
> data.getRequest().getSession(true);
>
> this does not work. I still get the same sessionid.
> I also tried:
>
> data.getSession().invalidate(), but that too does not seem to work.
RunData retrieves a copy of the session when the object is built. So all
but your last attempt do not modify this copy. This last attempt
*should* work as it is the same method that is used in Turbine.java
Bye, Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
