I'm new to JBoss Web. I'm running JBoss Web 2.1.9.GA and I use Spring Security. Some time ago I noticed this warning message:
WARN SessionFixationProtectionStrategy:95 - Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks
I tried to search for it, but I still couldn't find anything that would fix the problem. Can someone tell me what might cause this warning to appear? Is it a configuration issue, or is it something else? If you need some of the configuration files to diagnose this, please tell me which.
Any help will be greatly appreciated.