Hi all I came across this page for invalidating the session
http://struts.apache.org/2.0.11.2/docs/how-do-we-get-invalidate-the-sess ion.html It mentions this way of invalidating the session: if (session instanceof org.apache.struts2.dispatcher.SessionMap) { .... ((org.apache.struts2.dispatcher.SessionMap) session).invalidate(); .... Just wondering if a) this is still the recommended way of doing things (I have no reason to think it's not btw) b) I'm writing a public facing site that needs to be secure, so just wondering if there would ever be a possibility that the session object might not be an instance of org.apache.struts2.dispatcher.SessionMap, in which case there could be potential for the session not to be invalidated when it's meant to be. Is this a possibility? I don't know enough about Struts 2 to answer this myself so would appreciate advice. Cheers Richard As a responsible corporate citizen, London Scottish Bank plc asks you to consider the environment before printing this email. *** Disclaimer *** This electronic communication is confidential and for the exclusive use of the addressee. It may contain private and confidential information. The information, attachments and opinions contained in this E-mail are those of its author only and do not necessarily represent those of London Scottish Bank PLC or any other members of the London Scottish Group. If you are not the intended addressee, you are prohibited from any disclosure, distribution or further copying or use of this communication or the information in it or taking any action in reliance on it. If you have received this communication in error please notify the Information Security Manager at [EMAIL PROTECTED] as soon as possible and delete the message from all places in your computer where it is stored. We utilise virus scanning software but we cannot guarantee the security of electronic communications and you are advised to check any attachments for viruses. We do not accept liability for any loss resulting from any corruption or alteration of data or importation of any virus as a result of receiving this electronic communication. Replies to this E-mail may be monitored for operational or business reasons. London Scottish Bank PLC is regulated by the Financial Services Authority. London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 3NW Registered Number 973008 England. Subsidiary Companies:- London Scottish Finance Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered Number 233259 England. London Scottish Broking Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered Number 230110 England. Robinson Way & Company Limited, Registered Office: 201 Deansgate, Manchester M3 3NW Registered Number 885896 England. ______________________________________________________________________ This email has been scanned by the MessageLabs Email Security System. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
