Thank you for reply. I could understand it is impossible to create a new SessionID under JBoss.
Are there any recommendation way to prevent Session Fixation Attack under JBoss? If there are any recommendation way, could you please teach it to me ? Thank you. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4101648#4101648 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4101648 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user