struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Lin <peterli...@gmail.com>
Subject Update Cookie JSESSIONID
Date Wed, 03 Apr 2013 20:23:09 GMT
Due to our server always picks up the old JSESSIONID for creating a new
user session if a cookie JSESSIONID has been passed - Waiting for Basis
team to solve it.

I tried to set the cookie JSESSIONID to expired before display the login
screen, but failed. I just wonder can I block the JSESSIONID cookie in
Interceptor, so this cookie would not get to authentication action - the
server would create a new sessionId for the new user session.

If that is impossible, could some one point me to the light?

Issue I face: Even I use the following code in Authentication action class
after credential check, the application server still uses the old
JSESSIONID for the new session.

//invalidate the existing session and create a new one
((org.apache.struts2.dispatcher.SessionMap<String,Object>)
session).invalidate();
session = ActionContext.getContext().getSession();

Thanks,
Peter

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message