Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Session fixation - How to prevent with Vaadin session ?

dung nguyen
9 years ago Apr 14, 2014 8:12am
Johannes Dahlström
9 years ago Apr 14, 2014 10:39am
dung nguyen
9 years ago Apr 15, 2014 2:47am
Johannes Dahlström
8 years ago Sep 25, 2014 11:28am
Luca Pertile
4 years ago Oct 25, 2018 8:44am

Hello all. We have a login page and we need to reInitialize session on clickListener method. UI is annotated with Push in manual mode. On clickListener method we get null request using VaadinRequest.getCurrent() and VaadinService.getCurrentRequest(). I think this is caused by push mode: maybe it doesn't generate a request? Other Vaadin applications without Push are working good. We need Push system, so do you have any suggestion?

Vaadin version: 8.5.2 Tomcat version: 9.0


The main problem was a Thread started to handle login process. But after removed this, with Push enabled, we got a IllegalState exception for session already initialized. We solved this one by start UI with Push disabled and enabling it programmatically after the login success.

Last updated on Oct, 25th 2018
Aminul Karim
3 years ago May 17, 2019 9:20am