[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] prevent new session on form login
|
I believe the reason that session ID needs to be changed has to do with security considerations. I don't believe there's currently a way to turn this off. I would suggest that you post a comment in the ticket your mentioned about your issue.
-Michael
On Sat, Apr 16, 2011 at 4:04 PM, Tore Halset
<halset@xxxxxxxxxxx> wrote:
Hello.
I have an application using form based login. For some strange reason we have some non-browser-applications using the same form based login.
After upgrade from jetty 7.1.6 to 7.3.0 authentication still works from a normal web client, but it does not work from all of the non-browser-applications. This problem is caused by jetty 7.3 creating a new session when the user is authenticated. This is easy to fix in the clients we have control over, but some of them we do not have control over.
http://jira.codehaus.org/browse/JETTY-1281
What is the reason for creating a new session on login? Is it possible to turn this feature off?
Regards,
- Tore.
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-users
