Hello, I have two webapps sharing the same tomcat session. When a session is created I set the session timeout dynamically on my session listener using: session.getSession().setMaxInactiveInterval(). When only the main webapp is open the timeout works nicely: the session is destroyed on timeout and the next http request causes a new session to be created with no user principal which provides me the indication that this is a new session and allows me to react accordingly.
The problem starts when the second webapp is opened as well. In this case, on timeout the session does get destroyed but the new session that is created on a new http request still holds the old user principal - meaning I cannot recognize it as a new session. Does anybody know how can I cause tomcat to clear the user principal before creating a new session after a timeout? Thanks, T.
