[11:39:21 CDT(-0500)] <TonyUnicon1> DEV: 10:38:21.555 [http-8080-1] WARN o.s.s.w.a.s.SessionFixationProtectionStrategy - Your servlet container did not change the session ID when a new session was created. You will not be adequately protected against session-fixation attacks
[11:39:31 CDT(-0500)] <TonyUnicon1> is this something to worry about?
[11:39:36 CDT(-0500)] <TonyUnicon1> I don't think I've seen it before
[11:39:44 CDT(-0500)] <pspaude> I've been seeing that too and no it wasn't there before
[11:40:37 CDT(-0500)] <dmccallum54> it's "ok"
[11:40:46 CDT(-0500)] <dmccallum54> we've always been running with that
[11:40:57 CDT(-0500)] <dmccallum54> with session fixation protection disabled i mean
[11:41:08 CDT(-0500)] <TonyUnicon1> ok
[11:41:09 CDT(-0500)] <dmccallum54> but the oauth changes upgraded springsecurity
[11:41:24 CDT(-0500)] <dmccallum54> so i think that's what's causing the new log message
[11:41:36 CDT(-0500)] <TonyUnicon1> alright