Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r8b469ff18d080eb020107ad2b0de5ad6b887854c -r304d9f773364000813d79e509edb93091a8ebe7d
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 8b469ff18d080eb020107ad2b0de5ad6b887854c)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 304d9f773364000813d79e509edb93091a8ebe7d)
@@ -98,7 +98,11 @@
 userDTO = user.getUserDTO();
 }
 }
-
+
+ // prevent session fixation attack
+ // This will become obsolete on Undertow upgrade to version 1.1.10+
+ request.changeSessionId();
+
 // store session so UniversalLoginModule can access it
 SessionManager.startSession(request);
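Review bot: The added `request.changeSessionId();` is unconditional, and, assuming `request` is an `HttpServletRequest`, the Servlet API throws `IllegalStateException` when the request has no session, so an SSO request that arrives here without one would fail rather than log in. Whether a session is always created earlier cannot be seen, because the enclosing method starts and ends outside the hunk; if that is not guaranteed, guard the call with `if (request.getSession(false) != null) { request.changeSessionId(); }`. `changeSessionId()` rotates only the identifier and keeps the session's attributes, so anything stored in the pre-login session carries over into the authenticated one and should not be trusted by later code. The comment about Undertow 1.1.10+ should also say which container behaviour makes the call obsolete, so the person doing the upgrade can confirm it before removing the line.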