but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea . [ September 14, 2006: Message edited by: Bear Bibeault ]
Is the problem that your browser is caching pages rather than the session not being invalidated.
I have seen issues where invalidating the session doesn't appear to do so (but actually has) but the browser still allows users to view secured pages because they are cached.
Actually after i invalidated my session, i am using sessionScope map to store some user information in the same Logon.java file. but since i invalidated the session i couldn't use the sessionScope map. so i want to create a new sessionScope map again after invalidating. if i create it as below it is not creating new sessionScope.
but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea .
After you invalidated the session, new session object would be created on the next request. You just need to create the map and bind that map to the session. Thats it.
i want to create a new session in the same request. after user name and password validation done, i want to store some user info into the sessionScope map in the same request.
since we invalidated the existing session,i couldn't you use the sessionScope map. i want to create a new session and needs to bind with sessionScope.
It is not. Or at least I haven't seen that approach being used. Typically when you invalidate a session, you are done.. fini.. you create a new one by having the browser start a fresh request. Maybe you shouldn't be invalidating your session if you want to preserve portions of it.
Or, maybe someone has done this, but I have seen this done before.
-Chris
Post by:autobot
Watchya got in that poodle gun? Anything for me? Or this tiny ad?
a bit of art, as a gift, the permaculture playing cards