https://bz.apache.org/bugzilla/show_bug.cgi?id=60854
Bug ID: 60854
Summary: Unintended JSESSIONID value change
Product: Tomcat 7
Version: 7.0.75
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: smurf...@gmail.com
Target Milestone: ---
Hello,
we're observing a JSESSIONID value change on a second request in a scenario
where the first request both authenticated AND created a session. We expect the
JSESSIONID created in the response to the first request to remain constant in
subsequent requests.
It appears that the configuration for "cache" and
"changeSessionIdOnAuthentication" behave in an unintended way, creating new
session IDs where none are needed. Apologies if we misunderstand this, but it
looks like a bug, and not a feature.
We've detailed the situation and observations at
https://github.com/smurf667/test-tomcat-session which includes a simple,
reproducible self-contained test (Maven, Java).
Kind regards,
Jan Engehausen
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
