During the testing of my ongoing project, I found that, sometimes a user has to be logged into my site for more that 30-40 minutes which is well above the normal 20 minutes of session timeout by tomcat (I am aware that this can be increased/decreased) When I implement HttpSessionBindingListener, method valueUnbound() works just perfect and removes inactive session from the table (I wrote code seperately to do this by overriding this method). My probelms are lying here, a user who does not use logout option and closes the window, has to wait for next 20 minutes so that his old session is removed and he is allowed to log-in again. Partially, this can be solved by using cookies, if the user uses the same machine, but choses a different machine.... there is no way. The only way appears is to invalidate old session by its sessionId without waiting for valueUnbound() method to invoke when a new login request comes in by the same user id and Please let me know in detail as how can I do this in Tomcat 3.2 (setting flag to use deprecated methods) and invalidate a session by its id Thanks in advance Regards Venkat __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
