session.invalidate();
session = request.getSession(true);
The new session will have the same session id.
Bill Barker <[EMAIL PROTECTED]> wrote:
"Dave" wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I am using JBoss 4.0.5GA. Cookie-based session tracking is used.
> Starting with http, whe
"Dave" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I am using JBoss 4.0.5GA. Cookie-based session tracking is used.
> Starting with http, when user clicks login, redirect to https, but the
> same session id is used for https. It is not safe.
>
> after calling sessio
