Tag archives for session fixation workaround
Workaround for session fixation
Tomcat A new security feature for Apache Tomcat 7 is Session Fixation Protection. Essentially, when a user authenticates their session, Tomcat will change the session ID. It does not destroy…