[jboss-user] How Can I enable Session Fixation Protection in JBOSS5.1 with JAAS Authentication
Chouxinxin Huang
huangzm529 at gmail.com
Tue Jan 18 02:41:33 EST 2011
Hi All,
My project will use the JAAS for authentication in JBOSS5.1,and want
to fix the session fixation in customized login module,
my solution is
:
after authentication check using
request.getSession(false).invalidate();request.getSession(true);
but the result is not as my expected ,it's raised a 400 error page
HTTP Status 400 - Invalid direct reference to form login page
How Can I enable Session Fixation Protection in JBOSS5.1 with JAAS
Authentication?
Best Regards!
--
William Huang
More information about the jboss-user
mailing list