-
Bug
-
Resolution: Done
-
Critical
-
7.4.0.GA.CR1
-
False
-
False
-
-
-
-
-
-
+
-
Undefined
-
-
Creating a new session, or changing the identifier of a session, would otherwise result in a session that cannot be referenced - as it is no longer possible to write the requisite JSESSIONID cookie or encode the location header to the response.
These conditions should result in an ISE.
- clones
-
WFLY-14877 Do not allow application to create a new session or change the identifier of a session after response is committed
- Closed
- is caused by
-
UNDERTOW-1902 Undertow allows session creation and session ID change after response is committed.
- Closed
- is cloned by
-
JBEAP-22066 [GSS](7.3.z) WFLY-14877 - Do not allow application to create a new session or change the identifier of a session after response is committed
- Closed