SEC-1379: New session should be created on invalid session detection #1622

Closed
spring-issuemaster opened this Issue Jan 22, 2010 · 0 comments

1 participant

@spring-issuemaster

Luke Taylor (Migrated from SEC-1379) said:

At the moment, the user needs to both set up the session timeout page to bypass the filter chain and create a new session in the timeout page (to prevent the same invalid id being resubmitted). It would be simpler if the SessionManagementFilter just started a new session when the invalid session ID is detected.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment