[jira] [Commented] (TOMEE-734) Tomcat Session Fixation Protection cause lost SessionContext

Romain Manni-Bucau (JIRA) Mon, 21 Jan 2013 14:26:14 -0800

    [ 
https://issues.apache.org/jira/browse/TOMEE-734?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13559168#comment-13559168
 ]


Romain Manni-Bucau commented on TOMEE-734:
------------------------------------------

i think it is fixed with TOMEE-745
                
> Tomcat Session Fixation Protection cause lost SessionContext
> ------------------------------------------------------------
>
>                 Key: TOMEE-734
>                 URL: https://issues.apache.org/jira/browse/TOMEE-734
>             Project: TomEE
>          Issue Type: Improvement
>            Reporter: chunlinyao
>            Priority: Minor
>
> Session Fixation Protection will change sessionId upon user login. 
> CdiAppContextsService track sessionContext by session.getId(). So even the 
> session hasn't change the sessionId changed will cause sessionContext not 
> found.
> For some use case, if a user added some item to shopping cart. If the 
> shopping cart is stored in sessionScope after login the shopping cart will be 
> empty.
> Can we store the original sessionId in session, and retrive it later?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (TOMEE-734) Tomcat Session Fixation Protection cause lost SessionContext

Reply via email to