Invalidating the session in jsp dating internet romance
This lifecycle is described there docs.oracle.com/javaee/6/tutorial/doc/Behind the scenes, the system extracts a user ID from a cookie or attached URL data, then uses that ID as a key into a table of previously created Http Session objects.
In a web application, server may be responding to several clients at a time so session tracking is a way by which a server can identify the client.
Firstly if you are using the J2EE Authentication service you cannot calla the login page directly but you execute the logaout ina separate page then you redirect the user to Home page.
Please explain about the functionality of session.invalidate().
When session.invalidate() is called while logging out from application will it clear all the seesion related data?
If we login to the application again request.getsession(true) will ...
and according to sun this method is depreciated for security reason.
so kindly is there any alternative way we have many thing like remote ip address, Session Listner, Context Listner etc. The best method to invalidate session or not allowing a user to have more than one session, is to create the context scoped map and store the session id and all the relevant info of user into the map.