httpservletrequest - create new session / change session Id

Question

I\'m maintaining a Java web application.

Looking into the login code it gets an HttpSession out of HttpServletRequest via the getSession() method of HttpServletReque

Answer 1

Since Java EE 7 and Servlet API 3.1 (Tomcat 8) you can use HttpServletRequest.changeSessionId() to achieve such behaviour. There is also a listener HttpSessionIdListener which will be invoked after each change.