tomee-users mailing list archives

From José Luis Cetina <>
Subject Re: Entering secure part of application loses CDI SessionScoped objects
Date Mon, 21 Jan 2013 20:33:58 GMT
If I remember, this is the default behavior starting from Tomcat 6.0.x; the
"name" is Session Fixation Protection. I remember that if you don't want
this behavior you have to set changeSessionIdOnAuthentication to false.

What I did was generate the info after a successful login.

You can read about this here:

2013/1/21 William J. Eaton <>

> I have attached a sample web application containing pages that use a
> CDI SessionScoped bean.  One of the pages has a security constraint.
> Logging into the secured page causes the SessionScoped bean to be
> dropped and a new one created.  After login, the bean retains its
> value as expected.
> The HttpSession behaves correctly, it is apparently the CDI
> session context which is ending and beginning again.  This has
> been observed under TomEE 1.5.0, 1.5.1, and the
> 1.5.2-20130118.041121-42-webprofile snapshot.
> This example works correctly under Gl*ssF*sh and JB*ss.  Extract
> the attached jar file then use Maven to build it.
> --
> William J. Eaton, (713) 202-1620
> LifeFormulae, LLC
> 9119 Highway 6 South #228
> Missouri City, TX 77459

*SCJA. José Luis Cetina*
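
A simplified model of the session fixation protection named in the reply, added here as an illustration; it is not code from the thread, Tomcat or TomEE. The class `SessionFixationDemo` and its `changeIdOnAuth` flag are hypothetical stand-ins for the container's session table and the `changeSessionIdOnAuthentication` setting, and the sample values are constructed.

```java
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

// Simplified model (not Tomcat code) of session fixation protection:
// the session ID is replaced at authentication, the attributes are kept.
public class SessionFixationDemo {
    private static final SecureRandom RNG = new SecureRandom();
    // session ID -> attributes, standing in for the container's session table
    private final Map<String, Map<String, Object>> sessions = new HashMap<>();
    private final boolean changeIdOnAuth; // hypothetical flag modelling the setting

    SessionFixationDemo(boolean changeIdOnAuth) { this.changeIdOnAuth = changeIdOnAuth; }

    String create() {
        String id = new BigInteger(128, RNG).toString(16);
        sessions.put(id, new HashMap<>());
        return id;
    }

    Map<String, Object> lookup(String id) { return sessions.get(id); }

    // Called on successful login; returns the ID the client must use from now on.
    String authenticate(String id, String user) {
        Map<String, Object> attrs = sessions.get(id);
        if (attrs == null) throw new IllegalStateException("unknown session");
        String current = id;
        if (changeIdOnAuth) {
            sessions.remove(id);          // the pre-login ID stops resolving
            current = new BigInteger(128, RNG).toString(16);
            sessions.put(current, attrs); // same attributes under a fresh ID
        }
        attrs.put("user", user);          // per-user state is created only after login
        return current;
    }

    public static void main(String[] args) {
        for (boolean protect : new boolean[] {true, false}) {
            SessionFixationDemo c = new SessionFixationDemo(protect);
            String preLogin = c.create(); // ID that existed before login (constructed scenario)
            c.lookup(preLogin).put("cart", "book");
            String postLogin = c.authenticate(preLogin, "alice");
            Map<String, Object> viaOldId = c.lookup(preLogin);
            System.out.printf("changeIdOnAuth=%b oldIdStillValid=%b oldIdSeesUser=%b cartKept=%b%n",
                protect, viaOldId != null,
                viaOldId != null && viaOldId.containsKey("user"),
                "book".equals(c.lookup(postLogin).get("cart")));
        }
    }
}
```

With the flag off, the pre-login ID still resolves to the authenticated session, which is the condition the protection exists to prevent; with it on, anything that tracks state by the old ID has to be re-established after login.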
