Hi, This is what I noticed. If a user logs in and then hits browser refresh on the IE another session is created...it is effectively like logging in the user again I came across this problem when tracking down another issue. We are explicitly doing session.invalidate() in the logout and when the browser refresh is hit a Illegal state exception is thrown. I remove session.invalidate and everything works fine. Some System.outs in the login function led me to the conclusion that hitting the browser refresh does login the user the second time with a new session. This I know could be happening because of the Post behavior of the form where it caches the login request and then when the refresh is hit this request is resubmitted and the login occurs again.
My questions: 1) Has anybody encountered this problem? If yes how is it getting solved since we do not want sessions hanging around just like that. 2) Also where is the session.invalidate happening when the user logs out? This guarantees that all the session variables are invalidated. We are trying to do this so that we do not hanging references around. I would appreciate a response. Thanks in advance for your time and patience. Thanks and Regards, Archana
