How to invalidate a user session, when I only have a session ID?
Here are some more info:
1) I have a
servlet called LogoutServlet.java that programmatically invalidates user HttpSession.
2) I do a Single Sign On to a third party web application, i.e. ssoWeb. I tell him my sessionID. After a while, ssoWeb invokes my LogoutServlet and passed me back the sessionID.
Now I want to invalidate that session, how do I do it?
I noticed HttpSessionContext has a method getSession(
String sessionId). However, I don't want to use it, since it is deprecated.
Thank you.