Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -rf34bced0305b77e7a660ba8d4a0949265c5f2c87 -r2ba6145dadb96f28c465211dc34b4558278067b9
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	(.../SsoHandler.java)	(revision f34bced0305b77e7a660ba8d4a0949265c5f2c87)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java	(.../SsoHandler.java)	(revision 2ba6145dadb96f28c465211dc34b4558278067b9)
@@ -73,8 +73,6 @@
 		    public void handleRequest(HttpServerExchange exchange) throws Exception {
 			ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
 			HttpServletRequest request = (HttpServletRequest) context.getServletRequest();
-			// prevent session fixation attack - change session ID with any login attempt
-			request.changeSessionId();
 
 			// recreate session here in case it was invalidated in login.jsp by sysadmin's LoginAs 
 			HttpSession session = request.getSession();