What is session cancellation?

Question

What is session cancellation?

Invalidation of the session means destruction of the session. Thus, if the session is destroyed, it indicates that the server cannot identify the client who visited in the previous one. It now creates a new session ID for this client.

Is it correct? If wrong tell me the correct procedure.

+3

servlets

user1286481 March 25 12 at 16:15

source to share

3 answers

Jf Beaulac · Answer 1 · 2012-03-25T16:38:16+0000

Calling HttpSession.invalidate () just clears any object attached to it and marks it as invalid, so if you try to change it after that it will throw exceptions.

Once the session has been invalidated, the SessionID placed in the cookie on the client will also be invalid and a new new one will be created when a new session object is created. Thus, the new session will have a new ID.

This is useful for handling like login / logout. Sessions should always be invalidated on login to prevent session-fixation attacks.

Ramesh PVK · Answer 2 · 2012-03-25T17:08:40+0000

Yes, absolutely right

... Invalidation of the session will invalidate the session and will be destroyed. If the client has a session ID that was invalid, a new session will be created.

Pulipati prasadarao · Answer 3 · 2015-02-28T12:45:05+0000

session.invalidate ():

If we enter gmail, then on the server server will create a session object

If we call the session.inValidate () method, then we are logged out because the session object was destroyed by the server.

What is session cancellation?

More articles: