well it should be disabled by default. However, the behavior it looks like is not.
Indeed it is the Applet who sets the JSESSIONID but in my opinion, if I specifically say to CXF to disable session management, they should guarantee that after each call, the session is invalidated. Now putting that aside, I would like to find out is how to obtain the HttpSession that CXF is using to make the requests so that I can manually invalidate the session. Do you know how I can obtain the HttpSession so that I can invalidate it? Thanks -- View this message in context: http://cxf.547215.n5.nabble.com/can-t-disable-session-support-JSESSIONID-is-always-created-tp5759638p5759667.html Sent from the cxf-user mailing list archive at Nabble.com.
