>I found something. This is the section that is failing.
>When the servlet executes this, it sends the message
>"Invalidating session" to the server console.
>But next time I run the servlet the session is still there
>and no new session is created.
That's not what is happening.
Here's your code:
> if (action.equals("logout"))
> {
> session.invalidate();
> System.out.println("Invalidating session ... ");
> String url = "/logout.jsp";
> RequestDispatcher dispatcher =
> servletContext.getRequestDispatcher(url);
> dispatcher.forward(request, response);
> }
So you:
- invalidate the session
- print some output
- forward the session to a JSP file
But have you turned off automatic session handling in the JSP file? I
suspect not.
In that case what happens is:
- requested session gets invalidated
- forward to JSP
- JSP automatically creates a new (and uninitialized) session
What gets sent back to your browser is the expiry of the old
session's cookie AND a new cookie with the new session id.
To turn off automatic session creation (which is considered a
usability feature) you must have this in your JSP file:
<%@ page session="false" %>
>I tried the following, leaving out RequestDispatcher,
>and everything works fine. That means, the session
>is really invalidated and the next time I use the servlet
>a new session is created.
Obviously taking out the forward stops the JSP creating a new
session.
Nic
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
