Hi, I'm trying to implement a logout page in my application that uses session state object. Going through documentation and mailing lists I found the only way to invalidate a session is calling the invalidate method not the session object. Since some of the responses on mailing lists date way back to 2007, just want to get a confirmation if that is indeed the right way?
Also, reading the documentation gives an idea that SSO is the preferred way (over named attributes)? Is that correct? Best Regards, Sanket
