A new session getting created after every request in Jboss once a session is invalidated

Question

I have observed that once the session is invalidated due to session timeout, then a new session id is created after every request due to which login page is redirected for every operation. My application is running on internet and intranet, facing issues with only application running on internet which has https type request.

Using JBoss version 5.0.0 GA.

Technologies Used:

Spring Security 3.0
HDIV
JSP

Few Observations:

two JSESSIONID cookie objects were created for application running on internet and one cookie object for application running on intranet.
Sometimes when a session gets invalidated and new one gets created with same id of previous session.

Have searched a lot on many forums and stackoverflow to get solution for this but failed to resolved. Can anyone please help and get me out of here.

score 0 · Answer 1 · answered Sep 12 '16 at 12:34

0

Regarding the Hdiv part and taking into account that Hdiv does not work at communication level, only at application and the application works without https I don't see any possible source from our side at least.

Roberto Velasco Hdiv Security

answered Sep 12 '16 at 12:34

rbelasko

626
3
5

A new session getting created after every request in Jboss once a session is invalidated

1 Answers1