Marcin Cieslak committed on 06 Jul 16
LDEV-3315: Prevent session fixation attack by changing session ID on authentication. The ID is changed even on failed auth, but changing it only after successful one prevents users from accessing secure content (old session ID is cached). This patch will become obsolete once we upgrade to Undertow 1.1.10+.
