
SEC-1379: New session should be created on invalid session detection #1622

spring-issuemaster opened this Issue Jan 22, 2010 · 0 comments



Luke Taylor (Migrated from SEC-1379) said:

At the moment, the user needs to both set up the session timeout page to bypass the filter chain and create a new session in the timeout page (to prevent the same invalid id being resubmitted). It would be simpler if the SessionManagementFilter just started a new session when the invalid session ID is detected.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016
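
The behaviour requested above, sketched as a plain servlet filter. This is an added example, not Spring Security's `SessionManagementFilter` or any code from the project; the class name `InvalidSessionRenewalFilter`, the `/timeout` path and the use of the `javax.servlet` API are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter written for illustration only.
public class InvalidSessionRenewalFilter implements Filter {

    // Assumed location of the application's session timeout page.
    private static final String TIMEOUT_URL = "/timeout";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The client presented a session id that the container no longer
        // recognises (expired, invalidated, or never issued by this server).
        boolean staleId = request.getRequestedSessionId() != null
                && !request.isRequestedSessionIdValid();

        if (staleId) {
            // Start a new session before the response is committed, so the
            // container issues a fresh id that replaces the stale one and the
            // same invalid id is not resubmitted on the next request.
            request.getSession(true);
            // encodeRedirectURL carries the new id for clients without cookies.
            response.sendRedirect(
                    response.encodeRedirectURL(request.getContextPath() + TIMEOUT_URL));
            return;
        }
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

Because the redirected request arrives with the newly issued session id, it passes the stale-id check, so the timeout page neither has to bypass the filter nor create a session itself.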
