On 1/14/11 8:12 PM, spr...@gmx.eu wrote: > Hi, > > I have a web app where the user logs in and starts an applet which uploads a > file and then opens a page in the browser. I use Java 1.6_16. > > When I do this in TC 6.0.13 the session-ID stays the same after login. Fine. > When I do this in TC 7.0.5 the session-ID changes when the applet starts to > communicate with the server. So the user is losing his login and the app is > broken. > > What feature in TC 7 leads to this problem? The new session fixation > prevention?
It's only a problem if you rely on the session id not changing. The session id changes in recent versions of Tomcat 6 too - yours is extremely old, many bugs have been fixed since it was released. What are you using the session id for? > How can I solve this? Don't rely on the session id remaining the same. p > Thank you > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
0x62590808.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
