|Topic:||Session fixation prevention now turned on by default|
|Versions affected:||1.8.x and <1.9.8|
|Reported by:||Sascha Herzog|
|Solution:||upgrade to 1.9.8 and confirm the enabling of session id regeneration|
Enabling of "Regenerate session id during login" setting is now strongly recommended for all production servers. It is now compatible with all official authentication plugins including mnet.