ColdFusion session fixation and jsessionid

ColdFusion 10 introduced the sessionRotate function, an important security feature for addressing session fixation vulnerabilities. Unfortunately, it does not work if your server uses JEE sessions (formerly known as J2EE sessions), and what's more, if your code calls sessionRotate while JEE sessions are in use, no error or warning is raised. Fortunately, there is a way to rotate JEE sessions.
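Because the call fails silently under JEE sessions, the practical way to catch it is to compare the session cookies a client holds before and after login. The check below is an added example, not code from the original post: the function names are hypothetical, the header values are constructed, and it also covers the CFID/CFTOKEN cookies of native ColdFusion sessions.

```python
from http.cookies import SimpleCookie

# Cookies that carry a session identifier: JSESSIONID for JEE sessions,
# CFID/CFTOKEN for native ColdFusion sessions.
SESSION_COOKIES = ("JSESSIONID", "CFID", "CFTOKEN")


def session_ids(set_cookie_headers, jar=None):
    """Apply Set-Cookie header values on top of `jar`; return session cookies only."""
    jar = dict(jar or {})
    for header in set_cookie_headers:
        parsed = SimpleCookie()
        parsed.load(header)
        for name, morsel in parsed.items():
            if name.upper() in SESSION_COOKIES:
                jar[name.upper()] = morsel.value
    return jar


def fixation_check(pre_login_headers, post_login_headers):
    """Map each pre-login session cookie to True if its value changed at login."""
    before = session_ids(pre_login_headers)
    # The client keeps its old cookies unless the login response replaces them.
    after = session_ids(post_login_headers, before)
    return {name: after[name] != value for name, value in before.items()}


def unrotated(pre_login_headers, post_login_headers):
    """Names of session cookies that survived login unchanged (fixation risk)."""
    result = fixation_check(pre_login_headers, post_login_headers)
    return sorted(name for name, changed in result.items() if not changed)


# Constructed Set-Cookie values, not captured from a real server.
PRE_LOGIN = ["JSESSIONID=1A2B3C4D5E6F; Path=/; HttpOnly; Secure"]
# Login response that issues no new JSESSIONID: the silent-failure case.
POST_LOGIN_SILENT = ["LASTVISIT=2024; Path=/"]
# Login response after the JEE session has actually been rotated.
POST_LOGIN_ROTATED = ["JSESSIONID=9F8E7D6C5B4A; Path=/; HttpOnly; Secure"]

if __name__ == "__main__":
    print("silent failure:", unrotated(PRE_LOGIN, POST_LOGIN_SILENT))
    print("after rotation:", unrotated(PRE_LOGIN, POST_LOGIN_ROTATED))
```

Feed it the Set-Cookie values recorded from the response that first issues the session and from the login response; any name it returns was still valid after authentication.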