Hi Jignesh,
You are right..!
session = request.getSession(false);
retrieves a session if already a session exists otherwise which it should return "null".
However, in your case where are you invalidating the session? The
servlet container creates a session for you by default. Hence, if you want to make sure that you always want to use a new session, then your code should look like:
// Try retrieving any existing session
HttpSession session = request.getSession(false);
// If session already exists, clear by invalidating the same.
if (session != null)
{
session.invalidate();
}
// Create new session now.
session = request.getSession(true);
We need to follow the above steps since
HttpSession session = request.getSession(true);
does not always ensures the creation of new session.
Hope this helps.
Thanks and Regards,
~Krithika