Invalidating a session

Rated 3.81/5 based on 735 customer reviews

A session is considered new if it has been created by the server but the client has not yet acknowledged joining the session.

For example, if a server supports only cookie-based sessions and a client has completely disabled the use of cookies, calls to the if the session being accessed is invalid.

The rules used to decide when and how to encode a URL are server-specific.

All URLs emitted by a servlet should be run through this method.

A servlet that manually invalidates sessions according to arbitrary rules is useful on servers with limited session expiration capabilities.

Fortunately for us servlet developers, it's not always necessary for a servlet to manage its own sessions using the techniques we have just discussed.The level of support, however, depends on the server.The minimal implementation provided by the servlet classes in JSDK 2.0 manages sessions through the use of persistent cookies.A server can build on this base to provide additional features and capabilities.For example, the Java Web Server has the ability to revert to using URL rewriting when cookies fail, and it allows session objects to be written to the server's disk as memory fills up or when the server shuts down.

Leave a Reply