s it a good practice/idea to call session.invalidate
in the Login Servlet / Login Action class.(if we use struts framework)
Below is the piece of code :
// Get the existing session.
HttpSession session = request.getSession(false);
// Invalidate the existing session.
// Note :
// We may need to invalidate the existing session to ensure that all
previous session data(s) for the user is removed from the context.
// Example : When user login to the application after Session Times
out,we may not
need his previous session data and we need to create a new session for the user.
if(session!=null) {
session.invalidate();
}
// Create a new session for the user.
session = request.getSession(true);
0 留言:
發佈留言