[jboss-user] [Beginner's Corner] - Problem with jsession id
Bajrang Asthana
do-not-reply at jboss.com
Tue Jul 24 08:39:48 EDT 2012
Bajrang Asthana [https://community.jboss.org/people/bajrang_asthana] created the discussion
"Problem with jsession id"
To view the discussion, visit: https://community.jboss.org/message/749886#749886
--------------------------------------------------------------
I need workaround for below-
As I guess there is known issues with jsession id. JBoss does not genereate a new session id after logout(in the same brwoser) or browser uses same session id for all user's login. Session id is alive till max session period specified in web.xml. Actually I am using Seam framework, and while logout we call Seam.invalidateSession() method to invalidate session but after debuuging I found that browser was using same session id after logout and all the session variables are alive (that must be unbounded after logout). I have also tried Identity.instance().logout(), unfortunately it is also not working.
I want to know how can we unbound all session varible and avoid session hijack or cookies theft.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/749886#749886]
Start a new discussion in Beginner's Corner at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120724/ad3bfba9/attachment.html
More information about the jboss-user
mailing list