Hi All,
Is it a good
practice/idea to call session.invalidate
in the Login Servlet / Login Action
class.(if we use struts framework)
Below is the piece of code :
// Get the existing session.
HttpSession session =
request.getSession(false);
// Invalidate the existing session.
// Note :
// We may need to invalidate the existing session to
ensure that all previous session data(s) for the user is removed from the
context.
// Example : When user login to the application after Session
Times out,we may not
need his previous session data and we need to create a
new session for the user.
if(session!=null) {
session.invalidate();
}
// Create a new session for the user.
session =
request.getSession(true);
Thanks in advance.
Dhanasekaran
