tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William J. Eaton" <...@lifeformulae.com>
Subject Re: Entering secure part of application loses CDI SessionScoped objects
Date Mon, 21 Jan 2013 21:54:26 GMT
On Mon, 2013-01-21 at 14:33 -0600, José Luis Cetina wrote:
> If i remember this is the default behavior starting from Tomcat 6.0.x the
> "name" is Session Fixation Protection. i remember if you dont want
> this behavior you have to set to false the changeSessionIdOnAuthentication
> attribue.
Thanks.  That resolves the issue.  When I add the Valve directive below
to context.xml, the application works as expected.
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
    changeSessionIdOnAuthentication="false"/>

-- 
William J. Eaton, wje@lifeformulae.com (713) 202-1620
LifeFormulae, LLC
9119 Highway 6 South #228
Missouri City, TX 77459



Mime
View raw message