Allocate new session after login authentication.(j2ee)

how do i issue a new session tracking cookie after user successfully authenticates to the application.
sunilramuAsked:
Who is Participating?
 
objectsCommented:
invalidate the session and create a new one
0
 
sunilramuAuthor Commented:
let me rephrase the question, can we change the jsessionid after authentication.
0
Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

 
mukundha_expertCommented:
how r u tracking session??
by cookie or HTTPSession

if HttpSession then you can invalidate and create a new one
or use this page directive to stop creating the default session object '<%@ page session = “false” %>'

after authenticating create a new session.

if you are using cookies , then ceate a cookie after authenticatoin and add it to the response
0
 
sunilramuAuthor Commented:
i was able to allocate a new session with your help, is there anyway to make this secure ( a secure session)
0
 
objectsCommented:
what do u consider to be a secure session?
0
 
mukundha_expertCommented:
you can ensure the session secure by many ways like .. disabling the back option ( going back to previous page ) etc..

if the user logs out and tries to comeback to the previous page.. it should divert him to the login page,
like this there are many issues regarding secure session but these things you have to take care of using your code.. the Httpsession will not handle such scenorios
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.