Index: lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java
===================================================================
RCS file: /usr/local/cvsroot/lams_common/src/java/org/lamsfoundation/lams/integration/security/Attic/SsoHandler.java,v
diff -u -r1.1.2.16 -r1.1.2.17
--- lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 4 Jul 2016 06:54:19 -0000 1.1.2.16
+++ lams_common/src/java/org/lamsfoundation/lams/integration/security/SsoHandler.java 6 Jul 2016 08:32:20 -0000 1.1.2.17
@@ -98,7 +98,11 @@
 userDTO = user.getUserDTO();
 }
 }
-
+
+ // prevent session fixation attack
+ // This will become obsolete on Undertow upgrade to version 1.1.10+
+ request.changeSessionId();
+
 // store session so UniversalLoginModule can access it
 SessionManager.startSession(request);
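Review bot: Assuming `request` is an `HttpServletRequest`, the added `request.changeSessionId()` throws `IllegalStateException` when the request has no session, and nothing visible in this hunk guarantees one exists at this point. If the handler can be reached by a request that has not yet been given a session, guard the call with `if (request.getSession(false) != null) { request.changeSessionId(); }`, or create the session first with `request.getSession()`. Rotating the ID also keeps every attribute already stored in the session, so any state set before authentication carries over into the authenticated session; it is worth confirming that nothing set earlier in this method should be cleared. The enclosing method starts and ends outside the hunk, so both points need checking against the full body.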