Recreating Session ID after user authentication to avoid Session Fixation Attacks
After the user authenticates, I want to change the session ID so that the application is secured from session fixation attacks. I have checked the ATG community and found some references where the solution given is to invalidate the session and recreate a new session. But my doubt is: if we do so, will the data already stored in the session, such as shopping cart, locale preference, etc., be lost or retained in the new session by the app server (I am using WebLogic 10)? I also want to know if session invalidation has any side effects on the memory management done by the application.
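The invalidate-and-recreate approach the question describes, written against the standard Servlet 2.5 `HttpSession` API as an added example (not part of the original post, and not ATG or WebLogic code). `HttpSession.invalidate()` unbinds every attribute, so anything that must survive login has to be copied across explicitly. Assumptions: the class and method names and the attribute names `shoppingCart` and `locale` are hypothetical, and the data is held as plain session attributes; ATG session-scoped components are not covered.

```java
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: issue a new session ID once credentials are verified. */
public final class SessionRotator {

    private SessionRotator() {}

    /**
     * Call after authentication succeeds and before the response is committed,
     * otherwise the container cannot send the new session cookie.
     * Only the named attributes are carried over (an allow-list), so values
     * placed in the pre-login session by whoever fixed its ID are dropped.
     */
    public static HttpSession rotate(HttpServletRequest request, String... carryOver) {
        Map<String, Object> carried = new HashMap<String, Object>();

        HttpSession old = request.getSession(false); // do not create one here
        if (old != null) {
            for (String name : carryOver) {
                Object value = old.getAttribute(name);
                if (value != null) {
                    carried.put(name, value);
                }
            }
            // Unbinds all attributes and retires the old ID. Attributes that
            // implement HttpSessionBindingListener get valueUnbound() here;
            // objects not carried over become collectable once unreferenced.
            old.invalidate();
        }

        // The container creates a new session with a new ID.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        return fresh;
    }
}

// Usage in a login handler, after the password check has passed
// (attribute names are assumptions for illustration):
//   HttpSession session = SessionRotator.rotate(request, "shoppingCart", "locale");
//   session.setAttribute("authenticatedUser", userId);
```

A quick check after deployment is to compare the session cookie value before and after login: the two must differ, and the pre-login value must no longer be accepted.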