Stephan van Hulst wrote:+++ is ambiguous because it might mean + ++ or it might mean ++ +. My guess is that the Java lexer tokenizes characters greedily, so in these cases it will always pick the option where the token with the most characters comes first.
The longest possible translation is used at each step, even if the result does not ultimately make a correct program while another lexical translation would.
Thus, the input characters a--b are tokenized (§3.5) as a, --, b, which is not part of any grammatically correct program, even though the tokenization a, -, -, b could be part of a grammatically correct program.
The session ID must be renewed or regenerated by the web application after any privilege level change within the associated user session. The most common scenario where the session ID regeneration is mandatory is during the authentication process, as the privilege level of the user changes from the unauthenticated (or anonymous) state to the authenticated state.