Tomcat not invalidating sessions
For larger clusters, to use a primary-secondary session replication where the session will only be stored at one backup server simply setup the Backup Manager.I could see that the cookie stores the JSESSIONID, which does not change after login.As a security fix, I have made the cookie as "secure". How can we make sure that the session id is being changed or a new session is created and all data related to the previous session( session attributes and cookies) is copied over to the new one? Kindly let me know if any other information is also required.The State of API Integration Report provides data from the Cloud Elements platform and will help all developers navigate the recent explosion of APIs and the implications of API integrations to work more efficiently in 2017 and beyond. By all-to-all we mean that the session gets replicated to all the other nodes in the cluster.