rder to always call the
createSession(null) or is there another way in order to workaround this?
Thanks in advance.
Andrea
2010/11/30 Andrea Corti
> Yes, I have emptySessionPath=true in connectors; is this the issue?
>
> Thanks for the link, now i'm trying to debug in orde
Yes, I have emptySessionPath=true in connectors; is this the issue?
Thanks for the link, now i'm trying to debug in order to find some more
details for you experts.
Thanks.
2010/11/30 Konstantin Kolinko
> >> > Follows an extract form a test servlet:
> >> > HttpSession s = req.getSessi
2010/11/29 Christopher Schultz
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Andrea,
>
> On 11/29/2010 9:37 AM, Andrea Corti wrote:
> > In order to avoid session fixation in the login phase of our application
> > we have to invalidate the session.
>
&g
Hi,
in order to avoid session fixation in the login phase of our application
we have to invalidate the session.
But we found the issue reported in the following bug (marked as solved)
related to Tomcat &.0.28:
https://issues.apache.org/bugzilla/show_bug.cgi?id=49598
I'm using tomcat 6.0.29 (u
