Invalidating session in java

I created a folder "classes" under WEB-INF and have it in it. I've written the code in question ablove Invalidate the session in the servlet or the JSP that you go to when a user hits "log out".

To handle this issue follow the link post by Balus C above in the first [email protected] Gurung - Thanks for telling, but I am not clear on where to keep filter class in my project.

In my website a person when logs-out reaches the login page but on clicking back button he can access the previous page.

invalidating session in java-22

Can I log into your application with my desktop computer and my i Pad? my requirement is that i am administrator and multiple users login through remote locations, i want to monitor the users so i want to keep access to show me list of active users and which i have done and also access to invalidate that particular this.session Id is conformed coming from jsp.

I have also mention that i used http session Context's method get Session(String session ID) but which is depreciated.

How about people who run both Firefox and Chrome, which are separate applications, on the same computer?

What about shared IP connections on separate computers?

But this only removes it on the server side, what happens on the client side?

Does the user still keep keep the cookie with the session ID which now no longer has a corresponding session object on the server and keeps sending this to the webserver?

// Note : // We may need to invalidate the existing session to ensure that all previous session data(s) for the user is removed from the context. I have observed that even after Session Times out,the Servlet uses the same previous Session ID.(may be because of Cookies etc..

// Example : When user login to the application after Session Times out,we may not need his previous session data and we need to create a new session for the user. ) and I am able to see the previous session data in the JSP pages.

If the user pushes the "Yes" button I will have to logoff that user from the authenticating app Questions 1) I read that Filter is the best way to invalidate the session.

In my case since the authenticating app is intended to be used by more than 1 user how will the filter know which session it needs to invalidate?

and according to sun this method is depreciated for security reason.

Tags: , ,