chunlinyao created TOMEE-734:
--------------------------------
Summary: Tomcat Session Fixation Protection cause lost SessionContext
Key: TOMEE-734
URL: https://issues.apache.org/jira/browse/TOMEE-734
Project: TomEE
Issue Type: Improvement
Reporter: chunlinyao
Priority: Minor
Session Fixation Protection will change the sessionId upon user login.
CdiAppContextsService tracks the sessionContext by session.getId(). So even though
the session hasn't changed, the changed sessionId will cause the sessionContext not to be found.
For some use cases, for example when a user has added an item to the shopping cart: if the shopping
cart is stored in sessionScope, the shopping cart will be empty after login.
Can we store the original sessionId in the session, and retrieve it later?
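
The behaviour reported above, as an added example that is not part of the original report and not TomEE code: a context map keyed by `session.getId()` loses its entry when the id is rotated at login, while a map keyed by a value stored in the session (the approach the reporter proposes) keeps it. `Session`, `IdKeyedContexts`, `StableKeyContexts` and the attribute name are hypothetical stand-ins, not the servlet or TomEE API.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SessionContextRotationDemo {
    // Hypothetical stand-in for HttpSession: an id that can be rotated, plus attributes.
    static class Session {
        private String id = UUID.randomUUID().toString();
        private final Map<String, Object> attributes = new HashMap<>();
        String getId() { return id; }
        // Models session fixation protection at login: same session object, new id.
        void changeSessionId() { id = UUID.randomUUID().toString(); }
        Object getAttribute(String k) { return attributes.get(k); }
        void setAttribute(String k, Object v) { attributes.put(k, v); }
    }

    // Registry keyed directly by session.getId(), as the report describes.
    static class IdKeyedContexts {
        private final Map<String, Map<String, Object>> contexts = new HashMap<>();
        Map<String, Object> get(Session s) {
            return contexts.computeIfAbsent(s.getId(), k -> new HashMap<>());
        }
    }

    // Registry keyed by a value kept in the session itself, which survives id rotation.
    static class StableKeyContexts {
        static final String KEY_ATTR = "demo.contextKey"; // hypothetical attribute name
        private final Map<String, Map<String, Object>> contexts = new HashMap<>();
        Map<String, Object> get(Session s) {
            String key = (String) s.getAttribute(KEY_ATTR);
            if (key == null) {
                key = s.getId(); // remember the original id on first use
                s.setAttribute(KEY_ATTR, key);
            }
            return contexts.computeIfAbsent(key, k -> new HashMap<>());
        }
    }

    public static void main(String[] args) {
        Session session = new Session();
        IdKeyedContexts byId = new IdKeyedContexts();
        StableKeyContexts byStableKey = new StableKeyContexts();
        byId.get(session).put("cart", "1 item");
        byStableKey.get(session).put("cart", "1 item");
        session.changeSessionId(); // login: the id rotates, the session object is unchanged
        System.out.println("keyed by getId():   cart = " + byId.get(session).get("cart"));
        System.out.println("keyed by attribute: cart = " + byStableKey.get(session).get("cart"));
    }
}
```

In this sketch the stored key is only a server-side map key and is never accepted as a session identifier, so the id rotation itself is left untouched.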