I use the "session" variable of the HttpSession object to do just this. Call session.invalidate() to release all objects bound to the session. I do it with an "Exit" button, but you can just as easily call a jsp page with onunload="invalidate.jsp" in the body tag. My invalidate.jsp simply contains: <% session.invalidate(); %>
Why wouldn't you just use the built-in session timeout support?
James Carman, President<br />Carman Consulting, Inc.
A good suggestion, here are few examples where I can't use session time-out: 1. wizards, it assumes using several screens, of course it's better solution to keep state of wizard in hidden fields, but sometime session is more preferable. So, if user left wizard and continue working on other screens, wizard state remains in session. 2. work in single sign on environment, Siteminder agent manages user logins and requires to have no time out for sessions. 3. Some other examples you can give me from your experience.