https://bz.apache.org/bugzilla/show_bug.cgi?id=60854
--- Comment #5 from Jan Engehausen <smurf...@gmail.com> ---
So, we discussed this and still think that in the particular scenario described (authentication and session creation in the same request), a subsequent request should not get a new session ID, as authentication already happened in the previous request. Maybe a "second opinion" can be collected.