| Re: [jetty-users] Session invalidation |
https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getSession() getSession() Returns the current session associated with this request, or if the request does not have a session, creates one. I think you wanted to use getSession(false). -----Original Message----- From: jetty-users <jetty-users-bounces@xxxxxxxxxxx> On Behalf Of John English Sent: Friday, February 26, 2021 1:14 PM To: jetty-users@xxxxxxxxxxx Subject: [jetty-users] Session invalidation I have a webapp requiring a user to log in before doing anything else. State information is stored in an object in a session attribute called "state". When I log out I do the following: HttpSession session = request.getSession(); if (session != null) { session.removeAttribute("state"); try { session.invalidate(); } catch (IllegalStateException e) { } } I go to the webapp and log in, then open another tab for the same webapp and log out, executing the code above. I then go back to the first tab and click a button which sends a POST request to a servlet that starts off like this: HttpSession session = request.getSession(); SessionState state = (session != null ? (SessionState)session.getAttribute("state") : null); The session and the state are both valid objects after these two lines. Can anyone tell me what might be happening here? -- John English _______________________________________________ jetty-users mailing list jetty-users@xxxxxxxxxxx To unsubscribe from this list, visit https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.eclipse.org%2Fmailman%2Flistinfo%2Fjetty-users&data=04%7C01%7Cpeter.ondruska%40kaibo.eu%7Cd63aabf45e064d65327508d8da500bbc%7C971fa002c3a649c18191cb7e49d9cb77%7C0%7C0%7C637499384612004899%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=0Rbjk3c6EQjoG10LYUx0Kovl5litJModo2V2RUtt2P4%3D&reserved=0