session.invalidate();
session = request.getSession(true);
The new session will have the same session id.
Bill Barker <[EMAIL PROTECTED]> wrote:
"Dave" wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I am using JBoss 4.0.5GA. Cookie-based session tracking is used.
> Starting with http, whe
"Dave" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I am using JBoss 4.0.5GA. Cookie-based session tracking is used.
> Starting with http, when user clicks login, redirect to https, but the
> same session id is used for https. It is not safe.
>
> after calling sessio
Hi,
I am using JBoss 4.0.5GA. Cookie-based session tracking is used.
Starting with http, when user clicks login, redirect to https, but the same
session id is used for https. It is not safe.
after calling session.invalidate(), the sessoin id in the cookie is used for
https.
