Hi, I am trying to resolve a session fixation issue with Tomcat 7.0.52.

We have a Spring MVC application running on it, and the auth method is provided by another application which writes a cookie, and we use the cookie value to check whether the user is valid or not.

My application URL patterns are:

    /                 - Home page
    /login            - Redirect to another application to ask user to authenticate
    /myaccess/user*** --> All authenticated URLs

    <Context path="" docBase="myapplication" sessionCookieName="mycookiename" sessionCookieDomain="application.mydomain.com" sessionCookiePath="/">

As I cannot use org.apache.catalina.authenticator.FormAuthenticator here, how can I prevent the session fixation?

Thanks.
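The setup described in the post, with authentication decided by an external cookie, can rotate the session ID itself once that cookie validates. The filter below is an added example, not part of the original post and not Tomcat's or Spring's own code. `authenticatedUser` and the `session.owner` attribute are hypothetical names standing in for the application's existing cookie check.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Added example. Servlet 3.0 (Tomcat 7) has no HttpServletRequest.changeSessionId(),
// so the old session is invalidated and a new one is created in its place.
public abstract class SessionRotationFilter implements Filter {
    // Hypothetical attribute name: the user this session ID was issued to.
    private static final String OWNER = "session.owner";

    // Assumption: wraps the application's existing auth-cookie check and returns
    // the validated user ID, or null when the cookie is absent or invalid.
    protected abstract String authenticatedUser(HttpServletRequest req);

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        String user = authenticatedUser(req);
        HttpSession old = req.getSession(false);
        Object owner = (old == null) ? null : old.getAttribute(OWNER);
        // Rotate when an authenticated user arrives on a session not issued to them.
        if (user != null && !user.equals(owner)) {
            Map<String, Object> keep = new HashMap<String, Object>();
            if (old != null) {
                if (owner == null) { // anonymous pre-login session: carry state over
                    for (String n : Collections.list(old.getAttributeNames())) {
                        keep.put(n, old.getAttribute(n));
                    }
                } // a session owned by a different user is dropped, not copied
                old.invalidate(); // the ID known before login stops working
            }
            HttpSession fresh = req.getSession(true); // container issues a new ID
            for (Map.Entry<String, Object> e : keep.entrySet()) {
                fresh.setAttribute(e.getKey(), e.getValue());
            }
            fresh.setAttribute(OWNER, user);
        }
        chain.doFilter(rq, rs);
    }
}
```

Binding the session to the user ID, not to a plain "already rotated" flag, also covers the case where the pre-set session ID belongs to a session that someone else had already authenticated. The filter has to run before any code that writes to the response, since the new session cookie cannot be set once the response is committed.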