users@glassfish.java.net

RE: Glassfish 3.0.1 - Session Reset

From: Collins, Russell <rcollins_at_corelogic.com>
Date: Tue, 1 Feb 2011 11:06:21 -0600

Maybe the proper way of asking what I need is by saying that I was wondering if Glassfish provided a mechanism to prevent Session Fixation attacks.


Russell Collins
Sr. Software Engineer

"Do or do not, there is no try." - Yoda

From: Collins, Russell [mailto:rcollins_at_corelogic.com]
Sent: Tuesday, February 01, 2011 8:17 AM
To: 'users_at_glassfish.java.net'
Subject: Glassfish 3.0.1 - Session Reset

I have been given a task to research and come up with a solution regarding a security issue. When a user logs into our application, we are looking to reset the session to prevent an old session from being compromised. I am told that there is a facility in BEA Weblogic that does this. Is there a facility in Glassfish 3.0.1 that I can use that will do this operation or is this something that I am going to have to create from scratch? Any help and direction you can give me will be greatly appreciated.


Russell Collins
Sr. Software Engineer


________________________________
***************************
This message may contain confidential or proprietary information intended only
for the use of the addressee(s) named above or may contain information that is
legally privileged. If you are not the intended addressee, or the person
responsible for delivering it to the intended addressee, you are hereby
notified that reading, disseminating, distributing or copying this message is
strictly prohibited. If you have received this message by mistake, please
immediately notify us by replying to the message and delete the original
message and any copies immediately thereafter.

Thank you.
****************************
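The session reset at login asked about above can be done at the application level with the standard Servlet API; the following is an added example, not part of the original thread and not a GlassFish facility. It assumes the application verifies credentials in its own servlet code; the class name `SessionRenewal` and the attribute allow-list are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (name is an assumption): call right after credentials are verified. */
public final class SessionRenewal {

    private SessionRenewal() {}

    /**
     * Discards the pre-login session and issues a fresh one, so a session ID
     * that was fixed or observed before login is worthless afterwards.
     * Only explicitly named attributes are carried over, because anything
     * stored in the pre-login session may have been set by another party.
     */
    public static HttpSession renew(HttpServletRequest request, String... attributesToKeep) {
        Map<String, Object> carried = new HashMap<String, Object>();

        // getSession(false) never creates a session; null means nothing to discard.
        HttpSession old = request.getSession(false);
        if (old != null) {
            // Read attributes before invalidate(); afterwards getAttribute() throws.
            for (String name : attributesToKeep) {
                Object value = old.getAttribute(name);
                if (value != null) {
                    carried.put(name, value);
                }
            }
            old.invalidate();
        }

        // The container now allocates a new session with a new ID.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> entry : carried.entrySet()) {
            fresh.setAttribute(entry.getKey(), entry.getValue());
        }
        return fresh;
    }
}
```

Store the authenticated user in the session returned by `renew`, never in the old one, and call it before any response output is committed so the new session cookie can be sent.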
