Posted to dev@openwebbeans.apache.org by "chunlinyao (JIRA)" <ji...@apache.org> on 2013/01/15 05:30:13 UTC

[jira] [Updated] (OWB-757) Tomcat has Session Fixation Protection, will change sessionId upon login, cause sessionScope lost

     [ https://issues.apache.org/jira/browse/OWB-757?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

chunlinyao updated OWB-757:
---------------------------

    Description: 
Tomcat has Session Fixation Protection; upon user login the sessionId will change.
SessionContextManager tracks sessionContext by sessionId, which will cause the sessionContext not to be found when the sessionId changes.
Can we put the sessionId in the session and get it from the session, with a fallback to session.getId()?

UPDATE:

Sorry, it's not related to SessionContextManager. I am using TomEE; the sessionId is provided by TomEE's
CdiAppContextsService.

  was:
Tomcat has Session Fixation Protection; upon user login the sessionId will change.
SessionContextManager tracks sessionContext by sessionId, which will cause the sessionContext not to be found when the sessionId changes.
Can we put the sessionId in the session and get it from the session, with a fallback to session.getId()?

    
> Tomcat has Session Fixation Protection, will change sessionId upon login, cause sessionScope lost
> -------------------------------------------------------------------------------------------------
>
>                 Key: OWB-757
>                 URL: https://issues.apache.org/jira/browse/OWB-757
>             Project: OpenWebBeans
>          Issue Type: Improvement
>          Components: Context and Scopes
>    Affects Versions: 1.1.6
>            Reporter: chunlinyao
>            Priority: Minor
>
> Tomcat has Session Fixation Protection; upon user login the sessionId will change.
> SessionContextManager tracks sessionContext by sessionId, which will cause the sessionContext not to be found when the sessionId changes.
> Can we put the sessionId in the session and get it from the session, with a fallback to session.getId()?
> UPDATE:
> Sorry, it's not related to SessionContextManager. I am using TomEE; the sessionId is provided by TomEE's
> CdiAppContextsService.

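The behaviour described in this issue, as an added example that is not part of the original message and is not OpenWebBeans or TomEE code: a context store keyed by the current session id loses its entry when session fixation protection rotates the id at login, while a key kept inside the session (falling back to getId() on first use) survives the rotation. The Session class, the attribute name and both lookup methods are hypothetical stand-ins.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

public class SessionKeyDemo {
    // Hypothetical stand-in for HttpSession: the id can rotate, attributes survive rotation.
    static class Session {
        private String id = UUID.randomUUID().toString();
        private final Map<String, Object> attributes = new HashMap<>();
        String getId() { return id; }
        Object getAttribute(String name) { return attributes.get(name); }
        void setAttribute(String name, Object value) { attributes.put(name, value); }
        // What session fixation protection does at login: new id, same attributes.
        void changeSessionId() { id = UUID.randomUUID().toString(); }
    }

    static final String KEY_ATTR = "demo.contextKey"; // hypothetical attribute name
    static final Map<String, Map<String, Object>> contexts = new HashMap<>();

    // Fragile: the context is keyed directly by whatever the session id is right now.
    static Map<String, Object> contextById(Session s) {
        return contexts.computeIfAbsent(s.getId(), k -> new HashMap<>());
    }

    // Proposed in the issue: read the key from the session, fall back to getId() once.
    // The stored key is only a server-side map key; it is never accepted from the client,
    // so the id rotation keeps its protective effect.
    static Map<String, Object> contextByStoredKey(Session s) {
        String key = (String) s.getAttribute(KEY_ATTR);
        if (key == null) {
            key = s.getId();
            s.setAttribute(KEY_ATTR, key);
        }
        return contexts.computeIfAbsent(key, k -> new HashMap<>());
    }

    public static void main(String[] args) {
        Session a = new Session();
        contextById(a).put("cart", "3 items");
        a.changeSessionId(); // login rotates the id
        System.out.println("keyed by current id: " + contextById(a).get("cart"));

        Session b = new Session();
        contextByStoredKey(b).put("cart", "3 items");
        b.changeSessionId(); // login rotates the id
        System.out.println("keyed by stored key: " + contextByStoredKey(b).get("cart"));
    }
}
```

In the fragile variant the entry under the old id is also left behind in the map, so a real store would need to remove or re-key it when the id changes.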