Merged revision 1393071 from tomcat/trunk: Improve session management in CsrfPreventionFilter It is a fix for CVE-2012-4431.