[ 
https://issues.apache.org/jira/browse/TOMEE-734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13553589#comment-13553589
 ] 

Romain Manni-Bucau commented on TOMEE-734:
------------------------------------------

That's clearly not recommended; if you want to do so you already have the 
property to do it (which is why I used "Not A Problem"). Keeping the old sessionId 
in the new session is in general a pain, which would mean stealing the old session.

If you want, you can still use a custom StandardManager with the session 
strategy you want by setting the property openejb.session.manager.
                
> Tomcat Session Fixation Protection cause lost SessionContext
> ------------------------------------------------------------
>
>                 Key: TOMEE-734
>                 URL: https://issues.apache.org/jira/browse/TOMEE-734
>             Project: TomEE
>          Issue Type: Improvement
>            Reporter: chunlinyao
>            Priority: Minor
>
> Session Fixation Protection will change the sessionId upon user login. 
> CdiAppContextsService tracks the sessionContext by session.getId(). So even 
> though the session hasn't changed, the changed sessionId will cause the 
> sessionContext not to be found.
> For some use cases, for example if a user added some items to a shopping cart: 
> if the shopping cart is stored in sessionScope, after login the shopping cart 
> will be empty.
> Can we store the original sessionId in the session, and retrieve it later?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
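
The behaviour reported in the issue, as an added example that is not part of the original message and is not TomEE or Tomcat code: a store that tracks session-scoped state by session id loses the cart when the id is rotated at login, and moving the entry to the new id keeps the rotation while preserving the state. `ContextStore`, `onSessionIdChanged` and the session ids are hypothetical names and constructed values.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; class and method names are hypothetical, not TomEE or Tomcat APIs.
public class SessionContextRekeyDemo {

    // Stand-in for a container-side store that tracks session-scoped state by session id.
    static class ContextStore {
        private final Map<String, Map<String, Object>> bySessionId = new HashMap<>();

        Map<String, Object> contextFor(String sessionId) {
            return bySessionId.computeIfAbsent(sessionId, id -> new HashMap<>());
        }

        boolean hasContext(String sessionId) {
            return bySessionId.containsKey(sessionId);
        }

        // Called when the id is rotated at login: move the context to the new key and
        // drop the old key, so the pre-login id no longer resolves to any state.
        void onSessionIdChanged(String oldId, String newId) {
            Map<String, Object> ctx = bySessionId.remove(oldId);
            if (ctx != null) {
                bySessionId.put(newId, ctx);
            }
        }
    }

    public static void main(String[] args) {
        String preLoginId = "constructed-id-A";   // constructed sample ids
        String postLoginId = "constructed-id-B";

        // Without re-keying: the cart sits under the old id, so a lookup by the new id is empty.
        ContextStore naive = new ContextStore();
        naive.contextFor(preLoginId).put("cart", "1 item");
        System.out.println("naive, after login: " + naive.contextFor(postLoginId).get("cart"));

        // With re-keying: the cart follows the session and the old id is forgotten.
        ContextStore rekeyed = new ContextStore();
        rekeyed.contextFor(preLoginId).put("cart", "1 item");
        rekeyed.onSessionIdChanged(preLoginId, postLoginId);
        System.out.println("rekeyed, after login: " + rekeyed.contextFor(postLoginId).get("cart"));
        System.out.println("old id still resolves: " + rekeyed.hasContext(preLoginId));
    }
}
```

In a Servlet 3.1 or later container, `HttpSessionIdListener.sessionIdChanged` is the standard callback that reports an id rotation together with the old id.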
