sundartri, When you invalidate a session, you remove all bindings as well as some other container stuff associated with that session. However, I do not think the ID gets set to null. At that point the session is invalid. Then, if you make a request from same browser, the session id may get re-used, but it is in fact a new session. If you need to convince yourself of this, then save something in session scope and see if it is available after session is invalidated.
cgriffith View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3955500#3955500 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3955500 Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ JBoss-user mailing list JBoss-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-user
