dev@glassfish.java.net

FORM Authentication

From: <derek_at_itracmedia.com>
Date: Tue, 1 Feb 2011 17:09:00 +0000 (GMT)

I am using the built-in container-managed security in GlassFish 3.0.1.

I recently applied to Salesforce to become a partner, and upon
completion of their security review, this is one of the things they
mentioned that needs to be fixed for me to pass the security review.


"Session ID not updated [AppScan Report] - To prevent customer sessions
and cookies from being stolen or manipulated, a new session should be
generated upon each successful login."


Can anyone provide some insight as to what the problem could be? I
assume this is all managed by GlassFish?


Cheers,
    Derek
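
The "Session ID not updated" finding quoted in the message above can be checked by comparing the session cookie sent with the login request against what the login response issues. The following is an added example, not part of the original post and not GlassFish or AppScan code; the cookie name `JSESSIONID`, the host name and all header values are constructed assumptions.

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "JSESSIONID"  # assumed: default servlet session cookie name

def cookie_value(headers, header_name, cookie_name=SESSION_COOKIE):
    """Return the last value of cookie_name carried by header_name lines, or None."""
    found = None
    for name, raw in headers:
        if name.lower() != header_name.lower():
            continue
        jar = SimpleCookie()
        jar.load(raw)
        if cookie_name in jar:
            found = jar[cookie_name].value
    return found

def session_after_login(login_request, login_response):
    """Classify a login exchange as 'rotated', 'not-updated' or 'no-session'."""
    sent = cookie_value(login_request, "Cookie")
    issued = cookie_value(login_response, "Set-Cookie")
    if sent is None and issued is None:
        return "no-session"
    # No Set-Cookie for the session, or one repeating the old value, means the
    # browser keeps using the identifier it held before authenticating.
    if issued is None or issued == sent:
        return "not-updated"
    return "rotated"

# Constructed header sets (not captured traffic); all values are placeholders.
LOGIN_REQUEST = [
    ("Host", "app.example.test"),
    ("Cookie", "JSESSIONID=1111aaaa; theme=dark"),
]
RESPONSE_SAME_SESSION = [
    ("Location", "/app/home"),
    ("Set-Cookie", "theme=dark; Path=/app"),
]
RESPONSE_NEW_SESSION = [
    ("Location", "/app/home"),
    ("Set-Cookie", "JSESSIONID=2222bbbb; Path=/app; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/app"),
]

if __name__ == "__main__":
    print("same session:", session_after_login(LOGIN_REQUEST, RESPONSE_SAME_SESSION))
    print("new session: ", session_after_login(LOGIN_REQUEST, RESPONSE_NEW_SESSION))
```

A result of `not-updated` corresponds to the condition the report describes: the identifier in use before login is still the one in use after it.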