Issue
How can we fix the session fixation issue in web application where as i am logging in to the application using openam.
please give some suggestion .
Any help would be appriciated.
Thanks in advance.
Solution
To mitigate session fixaction after successfull login invalidate the current session and create a new session.
The flow will be
- After successful login store the user information temporarily
- Invalidate the current session
- Create a new session
- Copy the user information to the new session.
This way session fixation can be avoided.
Answered By - Karthikeyan
Answer Checked By - Marie Seifert (JavaFixing Admin)