Ability to Change Session ID on Authentication (Oracle iPlanet Web Server 7.0.9 Release Notes)

Oracle iPlanet Web Server 7.0.9 Release Notes

Ability to Change Session ID on Authentication

Web Server 7.0.9 adds the changeSessionIdOnAuthentication property to the sun-web-app element of the sun-web.xml file. This property enables web applications to change session IDs upon authentication in order to avoid session fixation attacks. For more information, see sun-web-app Element in Oracle iPlanet Web Server 7.0.9 Developer’s Guide to Java Web Applications.