We are using Oracle 12c forms and reports for my web based application. Our web security team find out that, when user access the URL from IE, following steps happen.
User keying URL at IE browser https://xxxxxxxx.net:7777/forms/frmservlet?config=yyyy
It generate new session ID
Customized user login screen displayed.
User entered login credentials and submit
Even after entered credentials , it used the same session ID . Please find the attached screen shot for your reference.
Our security team requested to change the session ID after user login or hide the session ID from hacker to track.
