I invalidate my session in my action using request.getSession().invalidate();
Gundersen, Richard wrote: > > Hi all > > I came across this page for invalidating the session > > http://struts.apache.org/2.0.11.2/docs/how-do-we-get-invalidate-the-sess > ion.html > > It mentions this way of invalidating the session: > > if (session instanceof org.apache.struts2.dispatcher.SessionMap) { > .... > ((org.apache.struts2.dispatcher.SessionMap) > session).invalidate(); > .... > > Just wondering if > a) this is still the recommended way of doing things (I have no > reason to think it's not btw) > b) I'm writing a public facing site that needs to be secure, so > just wondering if there would ever be a possibility that the session > object might not be an instance of > org.apache.struts2.dispatcher.SessionMap, in which case there could be > potential for the session not to be invalidated when it's meant to be. > Is this a possibility? I don't know enough about Struts 2 to answer this > myself so would appreciate advice. > > Cheers > > Richard > > > As a responsible corporate citizen, London Scottish Bank plc asks you to > consider the environment before printing this email. > > *** Disclaimer *** > > This electronic communication is confidential and for the exclusive use of > the addressee. It may contain private and confidential information. The > information, attachments and opinions contained in this E-mail are those > of its author only and do not necessarily represent those of London > Scottish Bank PLC or any other members of the London Scottish Group. > > If you are not the intended addressee, you are prohibited from any > disclosure, distribution or further copying or use of this communication > or the information in it or taking any action in reliance on it. If you > have received this communication in error please notify the Information > Security Manager at [EMAIL PROTECTED] as soon as possible and delete > the message from all places in your computer where it is stored. > > We utilise virus scanning software but we cannot guarantee the security of > electronic communications and you are advised to check any attachments for > viruses. We do not accept liability for any loss resulting from any > corruption or alteration of data or importation of any virus as a result > of receiving this electronic communication. > > Replies to this E-mail may be monitored for operational or business > reasons. London Scottish Bank PLC is regulated by the Financial Services > Authority. > > > London Scottish Bank plc, Registered Office: 201 Deansgate, Manchester M3 > 3NW Registered Number 973008 England. > > Subsidiary Companies:- > > London Scottish Finance Limited, Registered Office: 201 Deansgate, > Manchester M3 3NW Registered Number 233259 England. > > London Scottish Broking Limited, Registered Office: 201 Deansgate, > Manchester M3 3NW Registered Number 230110 England. > > Robinson Way & Company Limited, Registered Office: 201 Deansgate, > Manchester M3 3NW Registered Number 885896 England. > > ______________________________________________________________________ > This email has been scanned by the MessageLabs Email Security System. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Invalidating-session-tp19178803p19183985.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
