I have got it from one of the Ben Southers post in some other
thread. Check an attribute in the session which will be always available. If it returns a null, then invalidate the session.
Still my doubt is after the session times out and if the user simply closes the browser with out logging out, is there any way the session will be invalidated after timeout?
If this can be done by Session Listeners, please suggest me some tutorials for how to implement session Listener
regards,
Surendar Prabu