how to refresh JSESSIONID cookie after login

Front-end · Unresolved · 10 answers · 1541 views
我在风中等你 2021-01-30 17:41

A product I work on got a tough security audit by a potential customer and they are upset that Tomcat sets a JSESSIONID cookie before authentication has happened. That is, Tomc

10 answers
  •  轮回少年
    2021-01-30 18:22

    When using Spring, you should use SessionFixationProtectionStrategy.

    ...

    When inspecting the source code, you will see that this is similar to the approach of harsha89: It will

    1. create a new session
    2. transfer the attributes of the old session.
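The two steps the answer describes (create a new session, transfer the old attributes) are the same ones Spring Security's SessionFixationProtectionStrategy performs on successful authentication. The servlet below is an added example, not code from the question, the answer, Spring or Tomcat: a plain-servlet login that rotates the pre-login JSESSIONID so that the cookie issued before authentication cannot be reused afterwards. The `LoginServlet` class, the `migrateSession` helper, the `checkCredentials` helper and the in-memory credential table are all hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

// Hypothetical login servlet (added example). Maps to POST /login in web.xml or
// via @WebServlet("/login"); the mapping itself is left to the deployment.
public class LoginServlet extends HttpServlet {

    // Constructed sample credential table, standing in for a real user store.
    private static final Map<String, String> USERS = Map.of("alice", "correct horse");

    // Step 1 and step 2 from the answer: invalidate the pre-login session,
    // obtain a fresh one (new id, new Set-Cookie: JSESSIONID header), and copy
    // the attributes across so CSRF tokens, locale, cart contents etc. survive.
    static HttpSession migrateSession(HttpServletRequest request) {
        HttpSession old = request.getSession(false);
        Map<String, Object> saved = new HashMap<>();
        if (old != null) {
            for (String name : Collections.list(old.getAttributeNames())) {
                saved.put(name, old.getAttribute(name));
            }
            old.invalidate(); // the id handed out before login is now dead
        }
        HttpSession fresh = request.getSession(true); // container issues a new id
        for (Map.Entry<String, Object> e : saved.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }

    // Hypothetical credential check; constant-time comparison of the secret.
    static boolean checkCredentials(String user, String pass) {
        if (user == null || pass == null) {
            return false;
        }
        String expected = USERS.get(user);
        if (expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                pass.getBytes(StandardCharsets.UTF_8));
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (!checkCredentials(user, pass)) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Rotate the session only AFTER authentication succeeded, then mark it.
        HttpSession session = migrateSession(req);
        session.setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

On a Servlet 3.1+ container (Tomcat 8 and later) the manual copy can be replaced by `request.changeSessionId()`, which rotates the id in place and keeps the attributes; that call is what Spring Security's ChangeSessionIdAuthenticationStrategy uses. In Spring Security's Java config the equivalent switch is `http.sessionManagement().sessionFixation().migrateSession()` (or `.changeSessionId()`, or `.newSession()` to start with no carried-over attributes). For Tomcat's own container-managed authentication, the authenticator valve's `changeSessionIdOnAuthentication` attribute controls the same rotation.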
