
Creating new session ids

 
Shenaz Assu
Ranch Hand
Posts: 32
Hi All,

Every time I log into my application, I want the session to have a new session id. Currently if I close and open the browser, I'll get a new session id or else the session id will be the same even though I am invalidating the session while logging out. Is there any solution for this? I'm using JBoss as my application server.

Any help is highly appreciated.

Regards
Shenaz
 
Dilip Mallik
Ranch Hand
Posts: 40
Hi shenaz,

Have you checked the attribute values in the session after invalidating the session?

I don't think that after invalidating the session you will have the same session.

If your session is not invalidated then you would be able to retrieve the attribute values from the session.

Just double check..
 
Shenaz Assu
Ranch Hand
Posts: 32
We have a requirement to handle "Session Fixation". It has been advised by the audit team to always generate a new session to which the user will log in if successfully authenticated.

Currently when I'm logging in from the same browser, the session id remains the same. Is that fine? Is it OK if I generate a new session with the same id? Will this solve my problem?
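
One way to implement the audit recommendation quoted in the post above, as an added example that is not part of the original thread: invalidate the pre-login session, create a new one, and refuse to continue if the container hands back the same id. It assumes the standard `javax.servlet` API; the class `SessionRotation`, the method `rotate` and the `"user"` attribute name are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example (hypothetical helper): issue a new session id at successful login. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Call only after the credentials have been verified.
     * On Servlet 3.1+ containers, request.changeSessionId() achieves the same
     * result without copying attributes.
     */
    public static HttpSession rotate(HttpServletRequest request, String username) {
        HttpSession old = request.getSession(false); // do not create a session just to destroy it
        String oldId = null;
        Map<String, Object> carried = new HashMap<>();
        if (old != null) {
            oldId = old.getId();
            // Carry over pre-login state the application still needs.
            for (String name : Collections.list(old.getAttributeNames())) {
                carried.put(name, old.getAttribute(name));
            }
            old.invalidate(); // the id the browser presented before login is now dead
        }
        HttpSession fresh = request.getSession(true); // container creates a session and sets the cookie
        if (fresh.getId().equals(oldId)) {
            // Reusing the pre-login id would leave the fixation window open.
            fresh.invalidate();
            throw new IllegalStateException("container reused the pre-login session id");
        }
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        fresh.setAttribute("user", username); // hypothetical attribute name
        return fresh;
    }
}
```

Call it from the login handler immediately after the credential check succeeds and before any authenticated state is stored in the session.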
 
Shenaz Assu
Ranch Hand
Posts: 32
Hi Dilip,

I checked. The session is getting invalidated and I'm getting the session attributes as null.

 
Paul Sturrock
Bartender
Posts: 10336
Why do you need a new Session ID if the session it identified has been invalidated?
 
Dilip Mallik
Ranch Hand
Posts: 40
Then why do you need a new session id?

Is there any project requirement?
 
Surya Kant
Ranch Hand
Posts: 104
That's how our browsers behave. If you don't want to have this feature then close the current window and open a new window.
 