Would you like to answer one of these unanswered questions instead?
Hi, I have an issue related to the change of JSESSIONID on login.
I am working on an ATG ecommerce application, where I am using jboss-eap-4.2 server and ATG9.1.
It is necessary to have the session invalidated so after logging out no protected resources can be accessed. The Session ID itself can be viewed as a piece of private information that was associated with the authenticated user session.
I will still need to change it again after logging in to be secure.
Struts2, JSP , Java are technologies , i m using for my apps.