Hi Sanket,
We use:
@Inject
private HttpServletRequest request;
...
if (request.getSession(false) != null)
request.getSession(false).invalidate();
However, since we also use an SSO, we have to remove all cookies associated
with the SSO, etc.
mrg
On Wed, May 7, 2014 at 3:31 PM, Sanket Sharma <sanketsha...@gmail.com>wrote:
> Hi,
>
> I'm trying to implement a logout page in my application that uses session
> state object. Going through documentation and mailing lists I found the
> only way to invalidate a session is calling the invalidate method not the
> session object. Since some of the responses on mailing lists date way back
> to 2007, just want to get a confirmation if that is indeed the right way?
>
> Also, reading the documentation gives an idea that SSO is the preferred way
> (over named attributes)? Is that correct?
>
>
>
> Best Regards,
> Sanket
>
