This content has been marked as final.
Show 2 replies
-
1. Re: How to correctly invalidate httpSession?
jfuerth Jan 9, 2013 12:36 PM (in response to peter.probst)Hi Peter,
May I ask what you're doing at a higher level that makes you want to invalidate the session?
In my experience, I've always found the HttpSession.invalidate() call to be more trouble than it's worth. Generally when I want to mark a session as "logged in" I will insert a User attribute into it:
session.setAttribute("user", authenticatedUser);
and when the user logs out, I'll remove that object:
session.removeAttribute("user");
Could this work in your situation, or are your needs different?
-Jonathan
-
2. Re: How to correctly invalidate httpSession?
peter.probst Jan 10, 2013 6:21 AM (in response to jfuerth)Hello Jonathan,
thanks for the quick response. We have decided to use a logical session management similar to what you have described above. So we do not use the session.invalidate() anymore.
-Peter