What is session cancellation?

Invalidation of the session means destruction of the session. Thus, if the session is destroyed, it indicates that the server cannot identify the client who visited in the previous one. It now creates a new session ID for this client.

Is it correct? If wrong tell me the correct procedure.


source to share

3 answers

Calling HttpSession.invalidate () just clears any object attached to it and marks it as invalid, so if you try to change it after that it will throw exceptions.

Once the session has been invalidated, the SessionID placed in the cookie on the client will also be invalid and a new new one will be created when a new session object is created. Thus, the new session will have a new ID.

This is useful for handling like login / logout. Sessions should always be invalidated on login to prevent session-fixation attacks.



Yes, absolutely right

... Invalidation of the session will invalidate the session and will be destroyed. If the client has a session ID that was invalid, a new session will be created.



session.invalidate ():

If we enter gmail, then on the server server will create a session object

If we call the session.inValidate () method, then we are logged out because the session object was destroyed by the server.



All Articles