How to delete the server side sessions

Hi All,

I have a wireless application and it is accessed through ptg/rm gateway from a PDA browser. Oracle wireless AS gives default login page (when the application is accessed through ptg/rm gateway) and when user login, user information session might get stored in server side (I am not sure, if any one can pls clarify me on this also?).

Now i have a requirement, in which my application user should get 'logoff' button in each and every page of my application. When he clicks on this button the user information session should get invalidated, so that even if the user goes back to the application (using back button of the browser) he should not able to enter the application. (This is same as any std. login/logout page logic).

Invalidating the session which resides in client side is easy (By using session.invalide()), but how can i delete the session which resides on the server side??? Whether is it possible??
If yes then how can i do it.

Any help will be very usefull.

Thanks well in adavance.
Shrikant

Greetings,

It appears that you have 2 possible scenarios that you will have to handle on the server side to destroy a session.

The first scenario is when the client clicks the "logoff" button. On the server side, you would get the HttpSession object from the request object and then call the invalidate() method on the HttpSession object. See the JavaDoc API documentation (http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSession.html).

The second scenario where the user exits the app without leaving the application in the expected manner of clicking the "logoff" button. This leaves your application not knowing if the user is still there or not (unless you have a short session timeout setting). You need to test many session timeout scenarios to see what will work and keep your server from running out of memory.

Regards & God Bless,
Tom Pridham
Coastal Software Solutions, Inc.