Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
diff -u -r5806f7835e004132c37781df113fa0c879287065 -rf3cb86bce06f05edf6b17bb6ac7232832b650401
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision 5806f7835e004132c37781df113fa0c879287065)
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java (.../SsoHandler.java) (revision f3cb86bce06f05edf6b17bb6ac7232832b650401)
@@ -73,6 +73,8 @@
 public void handleRequest(HttpServerExchange exchange) throws Exception {
 ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
 HttpServletRequest request = (HttpServletRequest) context.getServletRequest();
+ // prevent session fixation attack - change session ID with any login attempt
+ request.changeSessionId();
 // get session here in case it was invalidated in login.jsp
 HttpSession session = request.getSession();