temp temp wrote:
my application uses container managed security , j_security_check,
we create session before user login so i dont want to call session.invalidate
if users wants to logout is there anything i can do to logout user ?
If you don't invalidate the session, it will still contain any data that
was put into it while the user was logged in, which could be a security
hole. In your case, what you probably want to do is invalidate the
session and then repeat your session initiation logic.
L.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
