Hello,

is there a way to generate a new Session ID without invalidating the current 
session? I read some article about session hijacking, and the main conclusion 
was, to always generate a new session ID if the security level increase. So if 
a not logged in user already got a session and he's logging in, he should 
receive a new session Id.

cheers
- Andreas

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3943166#3943166

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3943166


-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to