views:

10

answers:

0

Hi ,

I have one issue related to session id, in my application i am removing all session attributes and invalidating the session, then recreate the new session and assign old values. but in this scenario always gives the same session id. The reason for doing this is that session hijack they get the old session id and hack the application, so i am invalidating the old session and recreate the new session , but gives same session id, so they are easily hacking the application.

could you please help me how to solve the session id hijacking.