tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 60854] Unintended JSESSIONID value change
Date Thu, 23 Mar 2017 20:27:13 GMT

--- Comment #8 from Mark Thomas <> ---
It is worth keeping in mind the change in session ID is relatively cheap. The
session object remains the same, it is just the ID field that is updated.

Using alwaysUseSession="true" on the Authenticator appears, on the face of it,
to be a simple solution to this problem.

I haven't tried coding it, but it looks like a fix triggered by session
creation would be possible. It would require some refactoring of
AuthenticatorBase.register to avoid duplication of code.

Overall, I do wonder if the additional complexity of the session creation
triggered fix is truly necessary.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message