On 3/21/06, vijay venkataraman <[EMAIL PROTECTED]> wrote: > > Think the best way is call a sumit and do the clean up at the server.
You'll likely want to do this in an "onunload" handler for the <body> element. What if cookies are used for maintaining session? - Then i belive we can > destory session at the client side by setting the time expiry on the > cookie. I am not sure though. If cookies are disabled, then session > maintenance happens with the jsessionId, then what happens in that case? If the handler your submit invokes calls session.invalidate(), then it will not matter whether cookies or URL rewriting are used to maintain the session state. It will be removed from the server at that point, so any attempt to come in later will fail. > In that case i think the user can later, type in the URL with the > jsession id and access the page and he could get back to the session, if > it has not expired. > Can anyone clarify? That is why you will want to explicitly invalidate the session. Thanks, > Vijay Craig
