1. J2EE PreAuthorization and Session Fixation Protection forum.springsource.orgJ2EE PreAuthorization and Session Fixation Protection I recently tried to implement J2EE PreAuthorization using Tomcat as my containter. Everything seemed to work fine, except I would get prompted for my credentials ... |
2. Problem with Session Fixation Attack Protection mechanism forum.springsource.orgProblem with Session Fixation Attack Protection mechanism Hi, I have a problem with Session Fixation Attack Protection mechanism. Actually it does not work at all because of never "true" condition in ... |
3. session fixation protection problem forum.springsource.orgsession fixation protection problem Hi, we have observed an odd behaviour with the session-fixation-protection property in our http setup. We currently define no property which, according to the documentation, should default ... |
4. problem with session-fixation-protection in spring 3.0 forum.springsource.orgproblem with session-fixation-protection in spring 3.0 Hi, I am trying to migrate from spring security 2.0.4 to spring 3.0.1 Everything seems to work fine except the session management settings in the ... |
5. session-fixation-protection forum.springsource.orgHi, I'm quite new to spring security. I want to know why we want to change the "session-fixation-protection" property, and which scenarios need such change? Also some one explain the three ... |
6. session fixation default is false, docs say true forum.springsource.orgsession fixation default is false, docs say true The source (2.0.5) has invalidateSessionOnSuccessfulAuthentication as false, as confirmed in SEC-399 "Default is turned off to not upset any existing functionality." However, the ... |