If i remember this is the default behavior starting from Tomcat 6.0.x the "name" is Session Fixation Protection. i remember if you dont want this behavior you have to set to false the changeSessionIdOnAuthentication attribue.
What i did is generate the info after successfully login. You can read about this here: http://openejb.979440.n4.nabble.com/Guest-user-td4655258i20.html 2013/1/21 William J. Eaton <[email protected]> > I have attached a sample web application containing pages that use a > CDI SessionScoped bean. One of the pages has a security constraint. > Logging into the secured page causes the SessionScoped bean to be > dropped and a new one created. After login, the bean retains its > value as expected. > The HttpSession behaves correctly, it is apparently the CDI > session context which is ending and beginning again. This has > been observed under TomEE 1.5.0, 1.5.1, and the > 1.5.2-20130118.041121-42-webprofile snapshot. > > This example works correctly under Gl*ssF*sh and JB*ss. Extract > the attached jar file then use Maven to build it. > -- > William J. Eaton, [email protected] (713) 202-1620 > LifeFormulae, LLC > 9119 Highway 6 South #228 > Missouri City, TX 77459 > -- ------------------------------------------------------------------- *SCJA. José Luis Cetina* -------------------------------------------------------------------
