Hi,

 

I’m facing some problems with the JBOSS 7.

My web application use JAAS with a custom login module and my context demands an HTTPS connection.

 

I’m trying to prevent session fixation on that server but I didn’t found any document talking about the version 7.x.x.

 

I would like to invalidate and regenerate the Session when a user succeed on the login process.

Is it possible?

 

Regards,



Endrigo Antonini
http://www.endrigoantonini.com.br/
http://br.linkedin.com/in/endrigoantonini
http://www.twitter.com/antonini