Hi I'm using servlet filter to change session ID on every request in order to avoid session fixation. My problem is when the method doFilter ends the application is redirected to login page. I just want to invalidate and create new session, without redirect. I don't have any other filter.
There is my doFilter code:
HttpSession session= httpServletReq.getSession();
if(session!=null){
User u = session.getAttribute("user");
session.invalidate();
HttpSession newSession = httpServletReq.getSession(true);
newSession.setAttribute("user", u);
}
chain.doFilter(req, resp);
The pattern on filter is ***.xhtml**
Why am I getting redirect to login?
Is it ok to change session ID on a filter?
Thanks
question from:
https://stackoverflow.com/questions/66055702/httpsession-invalidate-is-redirecting-to-login-page 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…