Java Mailing List Archive

Home » Home (12/2007) » J2EE Pattern »

Servlet : Session.invalidate

Dhanasekaran Voimuni


Hi All,
Is it a good practice/idea to call session.invalidate
in the Login Servlet / Login Action class.(if we use struts framework)

Below is the piece of code :

// Get the existing session.
HttpSession session = request.getSession(false);

// Invalidate the existing session.

// Note :
// We may need to invalidate the existing session to ensure that all previous session data(s) for the user is removed from the context.

// Example : When user login to the application after Session Times out,we may not
need his previous session data and we need to create a new session for the user.

if(session!=null) {
// Create a new session for the user.
session = request.getSession(true);

Thanks in advance.
©2008 - Jax Systems, LLC, U.S.A.