[jboss-user] [Beginner's Corner] - Problem with jsession id

Bajrang Asthana do-not-reply at jboss.com
Tue Jul 24 08:39:48 EDT 2012

Bajrang Asthana [https://community.jboss.org/people/bajrang_asthana] created the discussion

"Problem with jsession id"

To view the discussion, visit: https://community.jboss.org/message/749886#749886

I need workaround for below-

As I guess there is known issues with jsession id. JBoss does not genereate a new session id after logout(in the same brwoser) or browser uses same session id for all user's login. Session id is alive till max session period specified in web.xml. Actually I am using Seam framework, and while logout we call Seam.invalidateSession() method to invalidate session but after debuuging I found that browser was using same session id after logout and all the session variables are alive (that must be unbounded after logout). I have also tried Identity.instance().logout(), unfortunately it is also not working.

I want to know how can we unbound all session varible and avoid session hijack or cookies theft.

Reply to this message by going to Community

Start a new discussion in Beginner's Corner at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20120724/ad3bfba9/attachment.html 

More information about the jboss-user mailing list