I have a login page. After entering the credentials and submitting, I am copying the attributes of the current session (let's say A) and invalidating it using `((HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false)).invalidate()`. After that I am creating a new session (let's say B) using `FacesContext.getCurrentInstance().getExternalContext().getSession(true)` and setting the attributes back on the new session. This is done to prevent session fixation.

This works fine in JSF 2.0, but in JSF 1.2, after performing the above logic and navigating the user, the newly created session is lost (not killed) before the RESTORE_VIEW phase and JSF is creating another session (let's say C). I have a custom `HttpSessionListener` and am able to see both B and C. How are sessions created or handled in JSF 1.2?

Praneeth
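The session swap described in the question (copy the attributes of A, invalidate A, create B, restore the attributes), written out as an added example that is not part of the original post. The class name `SessionRegenerator` and its method are hypothetical; it uses only the JSF `ExternalContext` and servlet `HttpSession` calls quoted in the question, and it also checks that the session id really changed.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (name is an assumption): call it once the credentials are verified. */
public final class SessionRegenerator {

    private SessionRegenerator() {
    }

    /** Replaces the pre-login session (A) with a fresh one (B) and returns B. */
    public static HttpSession regenerate(FacesContext facesContext) {
        ExternalContext external = facesContext.getExternalContext();
        Map<String, Object> saved = new HashMap<String, Object>();
        String oldId = null;

        // getSession(false) returns null instead of creating a session.
        HttpSession oldSession = (HttpSession) external.getSession(false);
        if (oldSession != null) {
            oldId = oldSession.getId();
            // Copy the attributes first: they cannot be read after invalidate().
            for (Object name : Collections.list(oldSession.getAttributeNames())) {
                saved.put((String) name, oldSession.getAttribute((String) name));
            }
            oldSession.invalidate();
        }

        // getSession(true) creates session B.
        HttpSession newSession = (HttpSession) external.getSession(true);
        if (newSession.getId().equals(oldId)) {
            // The id known before login is still live: the fixation defence did not take effect.
            newSession.invalidate();
            throw new IllegalStateException("Session id was not regenerated after login");
        }
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            newSession.setAttribute(entry.getKey(), entry.getValue());
        }
        return newSession;
    }
}
```

Attributes that implement `HttpSessionBindingListener` receive `valueUnbound` when A is invalidated and `valueBound` when they are set on B, so such objects must tolerate being rebound.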

0 Answers