-
Bug
-
Resolution: Done
-
Major
-
24.0.0.Beta1
-
None
Creating a new session, or changing the identifier of a session, would otherwise result in a session that cannot be referenced - as it is no longer possible to write the requisite JSESSIONID cookie or encode the session identifier in the location header to the response.
These conditions should result in an ISE.
- is caused by
-
UNDERTOW-1902 Undertow allows session creation and session ID change after response is committed.
- Closed
- is cloned by
-
JBEAP-22065 [GSS](7.4.z) Do not allow application to create a new session or change the identifier of a session after response is committed
- Closed