Hi everyone, as far as I can find, every time user logs in with IVY Portal, the session is kept (not renew). renewed). You can check this via _JSESSIONID_. Thus, it leads to [session fixation][1] attack.<br /> May Axon.ivy provide a mechanism to prevent this kind of attack? I am using Axon.ivy 6.3.0.<br /> Thank you. [1]: https://www.owasp.org/index.php/Session_fixation

Hi everyone, as far as I can find, every time user logs in with IVY Portal, the session is kept (not renew). You can check this via _JSESSIONID_. Thus, it leads to [session fixation][1] attack.<br /> May Axon.ivy provide a mechanism to prevent this kind of attack? I am using Axon.ivy 6.3.0.<br /> Thank you. [1]: https://www.owasp.org/index.php/Session_fixation