I am looking at
http://java.net/jira/browse/SERVLET_SPEC-13
("SERVLET_SPEC-13: Make session fixation protection part of the spec")
I would like to modify the following two interfaces:
a) add a new method to javax.servlet.http.HttpSession:
/**
* Changes the unique identified assigned to this session.
*/
public void changeId();
b) add a new method to javax.servlet.http.HttpSessionListener:
/**
* Receives notification that a session id has been changed.
*/
public void sessionIdChanged(HttpSessionEvent se)
If you have any comment, then please let me know.
Thanks.
Shing Wai Chan