Invalidating session in servlet
The servlet contacted through that link creates a new session, but the new session does not have the data associated with the previous session.Once a servlet loses the session data, the data is lost for all servlets that share the session.However we do know that it may be a potential security issue and we have a mechanism in place that on sign out will trigger the invalidation of all the portlet sessions that the user has used during its session.Alternatively you could invalidate that specific portlet session.Sessions are shared among the servlets accessed by a client.This is convenient for applications made up of multiple servlets.I'm going to mix psuedo code and real code to give you an idea of what I mean./* This is part of the Manager Servlet's code */ public void init( Servlet Config cfg ) throws ...
The Sign Out command essentially destroys all the sessions of the various portlet web applications visited by the user.
You should consistently use URL rewriting if your servlet is to support clients that do not support or accept cookies.
Hi, My application controls user login, such that when one client logs in, the application will check if there is an existing similar client (of the same username and password) that has logged in elsewhere.
One such convention is , indicating that, for example, the client does not yet know about the session. You must deal with situations involving new sessions.
In the Duke's Bookstore example above, if the user has no shopping cart (the only data associated with a session), the servlet creates a new one.