Changing session id on authentication in EAP 7
Issue
- We want to ensure a client's session is given a new id after authentication to avoid session fixation concerns. We previously set org.apache.catalina.authenticator.AuthenticatorBase.CHANGE_SESSIONID_ON_AUTH on EAP 6 with JBossWeb. Is there any equivalent option on EAP 7 with Undertow?
Environment
- JBoss Enterprise Application Platform (EAP) 7.x
- Undertow