I am using Resin 4.0.41 and have trouble when creating new session using HttpSession.
I have following codes:
// "request" has type of HttpServletRequest
HttpSession session = request.getSession(false);
if (session!=null) {
session.invalidate();
session = request.getSession(true); // create the session
}
String sessionId = session.getId();
It was performed when user successfully login, and I want to store the Session ID. But when user login, logout, and login again, the first login and the second one always have the same Session ID.
Is it a bug from Resin 4.0.41 when dealing with HttpSession? I am sure it is not a bug but can be set in Resin configuration (resin.xml). How we can do it?
I have some experiments on tag but it is still didn't work.
I have solved it by using parameter:
<session-config>
<reuse-session-id>false</reuse-session-id>
</session-config>
I found it worked when using Resin 4.0.41. If I use Resin 3.1.9 I wonder why it didn't work.