Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v
diff -u -r1.1.2.3 -r1.1.2.4
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 25 Nov 2014 09:39:20 -0000 1.1.2.3
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 2 Dec 2014 13:48:26 -0000 1.1.2.4
@@ -73,6 +73,8 @@
 public void handleRequest(HttpServerExchange exchange) throws Exception {
 ServletRequestContext context = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
 HttpServletRequest request = (HttpServletRequest) context.getServletRequest();
+ // prevent session fixation attack - change session ID with any login attempt
+ request.changeSessionId();
 // get session here in case it was invalidated in login.jsp
 HttpSession session = request.getSession();