What are the things you do when a user logs out? Some options include invalidating the entire HttpSession, keeping the session alive but setting some attribute (e.g. "loggedIn") to false, or doing something else I haven't thought of.
I was thinking that upon logout the simplest thing to do is invalidate the session, but there might be really valuable use cases that require a session to remain alive. For example, collecting data on and analyzing usage patterns for a given user while logged in and after logged out (for web applications that have plenty of functionality or content for users that are not logged in). What do your applications do on logout, and what have you seen other production applications do? What's the "best practice" in this regard? What are the tradeoffs I probably haven't thought of?

Thanks.

--
View this message in context: http://www.nabble.com/-OT--Correct-action-to-take-on-log-out-tf4407955.html#a12575609
Sent from the Tomcat - User mailing list archive at Nabble.com.
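The two options raised in the question, sketched as one servlet (an added example, not part of the original post or of Tomcat's code). The `keepAnonymousSession` init parameter and the attribute names `visitorId` and `pagesViewed` are hypothetical, and the `javax.servlet` package is an assumption (newer containers use `jakarta.servlet`). In both modes the authenticated session ID is invalidated, so the "keep tracking" variant carries only whitelisted, non-identifying attributes into a fresh session instead of flipping a `loggedIn` flag on the old one.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {
    // Hypothetical names: usage data allowed to outlive the login.
    private static final String[] KEEP_AFTER_LOGOUT = { "visitorId", "pagesViewed" };

    // Hypothetical init parameter: false = plain invalidate, true = keep anonymous tracking.
    private boolean keepAnonymousSession;

    @Override
    public void init() {
        keepAnonymousSession = Boolean.parseBoolean(getInitParameter("keepAnonymousSession"));
    }

    // Logout changes state, so it is handled on POST only.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession old = req.getSession(false); // never create a session just to log out
        Map<String, Object> carried = new HashMap<>();
        if (old != null) {
            if (keepAnonymousSession) {
                // Copy only the whitelisted attributes; principal, roles,
                // CSRF tokens and anything else stay behind.
                for (String name : KEEP_AFTER_LOGOUT) {
                    Object value = old.getAttribute(name);
                    if (value != null) {
                        carried.put(name, value);
                    }
                }
            }
            // Both options: the ID that was valid while logged in stops working.
            old.invalidate();
        }
        if (!carried.isEmpty()) {
            HttpSession anonymous = req.getSession(true); // fresh session, new ID
            for (Map.Entry<String, Object> e : carried.entrySet()) {
                anonymous.setAttribute(e.getKey(), e.getValue());
            }
        }
        resp.setHeader("Cache-Control", "no-store"); // keep the response out of caches
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

A whitelist is used instead of removing known authentication attributes because frameworks and filters may store their own per-user state in the session under names the application does not control.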