resolving session fixation bug fix in resin app server

Question

I am using resin app server request.getSession.invalidate();reguest.getSession(true) is not working properly and its not resetting session ID while using Resin.

Also I am not able to use request.changeSessionId() as the resin version is not able to use JavaEE7 libraries.

Please share your views on how to resolve session fixation with Resin

That just resolves a myth in my head. Thanks. – gye Apr 05 '18 at 19:39 — gye, Apr 05 '18 at 19:39

score 1 · Answer 1 · answered Jul 28 '15 at 15:54

1

Resin 4.0.x doesn't implement Servlet 3.1 API.

Resin provides reuse-session-id configuration option that helps control session cookie behaviour.

http://caucho.com/resin-4.0/reference.xtp#session-config

answered Jul 28 '15 at 15:54

Incarnate1970th

202
2
7

resolving session fixation bug fix in resin app server

1 Answers1

Linked