Hi everyone,
I'm encountering an issue where a new session ID (JSESSIONID) is not being created when a user logs in via Internet Banking. The following code is supposed to clear the current session and create a new one, but it's not working as expected. The session doesn't seem to be invalidated or recreated properly.
Here’s the code snippet:
    if (user != null) {
        log.error("USER NOT NULL");
        JiraAuthenticationContext jiraAuthenticationContext = ComponentAccessor.getJiraAuthenticationContext();
        jiraAuthenticationContext.setLoggedInUser(user);
        HttpSession httpSession = req.getSession(false);
        if (httpSession != null && !httpSession.isNew()) {
            log.error("INVALIDATE SESSION");
            httpSession.invalidate();
        }
        log.error("GET SESSION");
        httpSession = req.getSession(true);
        httpSession.setAttribute(DefaultAuthenticator.LOGGED_IN_KEY, user);
        httpSession.setAttribute(DefaultAuthenticator.LOGGED_OUT_KEY, null);
        loginManager.onLoginAttempt(req, user.getName(), true);
        rememberMeService.addRememberMeCookie(req, resp, user.getUsername());
        return true;
    }
The code is supposed to invalidate the current session and create a new one, ensuring that a new JSESSIONID is generated. However, the session ID remains unchanged. Could anyone help me understand why this is happening and how I can ensure that a new session is created properly?
Thanks in advance for your help!
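
An added example, not part of the original post and not Jira's or Seraph's own code: a session-rotation helper built only on the standard Servlet API that invalidates the pre-login session unconditionally (no `isNew()` guard), carries its attributes over, and fails loudly if the container hands back the same ID. The class name `SessionRotation` and the `javax.servlet` namespace are assumptions.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Hypothetical helper (assumed name): rotates the session ID at login. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Replaces the current session with a fresh one and returns the new ID.
     * Throws if the container did not actually issue a different ID.
     */
    public static String rotate(HttpServletRequest req, HttpServletResponse resp) {
        if (resp.isCommitted()) {
            // A new JSESSIONID cookie cannot be sent once headers are flushed.
            throw new IllegalStateException("response already committed");
        }
        HttpSession old = req.getSession(false);
        if (old == null) {
            // No pre-login session exists, so there is nothing to rotate.
            return req.getSession(true).getId();
        }
        String oldId = old.getId();

        // Copy attributes first; the old session object is unusable after invalidate().
        Map<String, Object> carried = new HashMap<>();
        for (String name : Collections.list(old.getAttributeNames())) {
            carried.put(name, old.getAttribute(name));
        }
        old.invalidate();

        HttpSession fresh = req.getSession(true);
        carried.forEach(fresh::setAttribute);

        String newId = fresh.getId();
        if (newId.equals(oldId)) {
            // Surfaces the symptom described above instead of continuing silently.
            throw new IllegalStateException("session ID was not rotated");
        }
        return newId;
    }
}
```

On Servlet 3.1 and later containers, `HttpServletRequest.changeSessionId()` achieves the same ID rotation in one call while keeping the existing session object and its attributes.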