Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] Session invalidation
I have a webapp requiring a user to log in before doing anything else. State information is stored in an object in a session attribute called "state". When I log out I do the following: 

    HttpSession session = request.getSession();
    if (session != null) {
      session.removeAttribute("state");
      try {
        session.invalidate();
      }
      catch (IllegalStateException e) { }
    }
I go to the webapp and log in, then open another tab for the same webapp and log out, executing the code above. I then go back to the first tab and click a button which sends a POST request to a servlet that starts off like this: 

    HttpSession session = request.getSession();
SessionState state = (session != null ? (SessionState)session.getAttribute("state") : null); 

The session and the state are both valid objects after these two lines.

Can anyone tell me what might be happening here?

--
John English

Back to the top