hi there, on a servlet I've got an action which invalidates the user session
on an included jsp fragment, I've got the following code which simple tells me what's the user role (if he has it).
The first time I call the servlet the jsp page still shows me that the user is looged in, but if I call it again, then it correctly shows the user is not authenticated. I'm pretty sure that the servlet does its job, because If I call the protected resources it asks me again to log me in. It actually looks like the jsp page needs a refresh.
I have seen this kinda behaviour with struts. 1. try request.getSession().invalidateSession() in JSP itself. It is not a good practice. 2. request.getSession(true). it will also create new session so that old session wont exists. bit better practice.