Invalidating any existing session
Http Inbound Link.handle New Request(Http Inbound Link.java:511) at channel.
Http Inbound Link.process Request(Http Inbound Link.java:305) at channel.
Hello all, We have a requirement to launch a new browser window with new session but the exisiting session with parent browser should not be disturbed.
We tried couple of methods the new session is created but the existing session is modified.
Scoped Attribute Value(Scoped Attribute ELResolver.java:89) at Http Jsp Base.service(Http Jsp Base.java:99) at javax.
Aio Read Completion Listener.future Completed(Aio Read Completion Listener.java:165) at io.async.Once a user logs in, they are presented with one of these forms (which use CSRF).The issue is that if this box is presented after the authentication, the CSRF tokens are invalidated.However if you really don't want to do that, You said: Thanks to @Mark Fox for pointing me to this CWE - although I knew it was through design, I'd hoped there would be a way for me to avoid going down the route I ended up.This also works fine, i.e it redirects me to if the session isn't created.
Servlet Wrapper.service(Servlet Wrapper.java:1657) at ws.webcontainer.servlet. Servlet Wrapper.service(Servlet Wrapper.java:1597) at ws.webcontainer.filter. Web App Filter Filter(Web App Filter Chain.java:131) at org.apache.struts2.dispatcher.