0 Replies Latest reply on Feb 26, 2012 8:34 PM by mandar

    JSESSIONID session fixation issue



        This is in relation to Jive SBS public 4.5.4. I noticed that the application continues to maintain the same JSESSIONID cookie value even after a guest user authenticates.

      This is typically resolved by making modifications to the Tomcat configuration. But it looks like authentication is being handled by Spring Security and, specifically, JiveAuthenticationTranslationFilter needs to be modified to reset the cookie.


      My question is, should I invalidate the request.getSession() or do I need to explicitly reset the cookie as well?

      Is there any other dependency?


      Thanks in advance,
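
A servlet-level sketch of the session rotation this question is about, added here as an example; it is not part of the original post and is not Jive or Spring Security code. The class name `SessionRotation`, the `rotate` method and the `keep` allowlist are hypothetical, and the code assumes cookie-based session tracking on a standard servlet container such as Tomcat.

```java
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

// Hypothetical helper, not Jive or Spring Security code.
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Replace the pre-login session with a fresh one. Call after the
     * credentials are verified and before the authenticated user is stored.
     * Only attributes named in keep are carried over, so values planted in
     * the guest session do not follow the user into the authenticated one.
     */
    public static HttpSession rotate(HttpServletRequest request, Set<String> keep) {
        Map<String, Object> carried = new HashMap<String, Object>();
        HttpSession old = request.getSession(false); // do not create one just to destroy it
        if (old != null) {
            Enumeration<?> names = old.getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                if (keep.contains(name)) {
                    carried.put(name, old.getAttribute(name));
                }
            }
            old.invalidate(); // the old JSESSIONID value is now dead on the server
        }
        // Creating the new session makes the container issue a new JSESSIONID
        // cookie on this response, provided the response is not yet committed.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}
```

To confirm the fix, compare the JSESSIONID value sent before login with the one the browser holds after login: they must differ, and a request replaying the old value must be treated as a guest.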