if(System.getSecurityManager() == null) {
underlyingSession = session.getSession();
} else {
underlyingSession = AccessController.doPrivileged(new HttpSessionImpl.UnwrapSessionAction(session));
}
String newId = underlyingSession.changeSessionId(exchange, originalServletContext.getSessionCookieConfig());
servletContext.getDeployment().getApplicationListeners().httpSessionIdChanged(session, oldId);
return newId;
}
@Override