[
https://issues.jboss.org/browse/JBWEB-214?page=com.atlassian.jira.plugin....
]
Jan Stefl commented on JBWEB-214:
---------------------------------
What do you think about following?
https://issues.apache.org/bugzilla/show_bug.cgi?id=49158#c7
{quote}
This is proving to be critical to us (we manually invalidate sessions first time around
when we haven't seen them before - to guard against sessions being presented from
search engines), and we currently end up in an invalidation loop as the second JSESSIONID
is never actually presented back to the browser.
{quote}
More than one JSESSIONID cookie headers set in JBoss Web
--------------------------------------------------------
Key: JBWEB-214
URL:
https://issues.jboss.org/browse/JBWEB-214
Project: JBoss Web
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Tomcat
Affects Versions: JBossWeb-2.1.11.GA
Reporter: Eiichi Nagai
Assignee: Remy Maucherat
More than one JSESSIONID cookie headers set if execute following JSP.
<%
session.invalidate();
session = request.getSession();
session.invalidate();
session = request.getSession();
%>
This issue has been reported from Bug 49158[1] in tomcat.
[1] Bug 49158 - More than one JSESSIONID cookie headers set
https://issues.apache.org/bugzilla/show_bug.cgi?id=49158
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalin...
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalin...
I guess that same fix is required in JBoss Web.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:
http://www.atlassian.com/software/jira