-
1. Re: Creating new sessionID in the browser after application
j2ee_junkie Jul 5, 2006 9:22 AM (in response to sundartri)sundartri,
When you invalidate a session, you remove all bindings as well as some other container stuff associated with that session. However, I do not think the ID gets set to null. At that point the session is invalid. Then, if you make a request from same browser, the session id may get re-used, but it is in fact a new session. If you need to convince yourself of this, then save something in session scope and see if it is available after session is invalidated.
cgriffith -
2. Re: Creating new sessionID in the browser after application
dzhao00 Jul 13, 2006 3:47 PM (in response to sundartri)Hi sundartri,
After you invalidate the session, also delete the cookie that is tracking the session. This way you will get a new sessionId when the next time you call request.getSession(true).
In my case, I'm using JBoss 4.0.3SP1 and the cookie name is JSESSIONID. use cookie.setMaxAge(0) will delete the cookie.
That should do the trick. Good Luck.
Dave. -
3. Re: Creating new sessionID in the browser after application
j2ee_junkie Jul 13, 2006 3:55 PM (in response to sundartri)Why bother. There is no harm in re-using the session ID. The real issue is weather or not the session contents were getting trashed on invalidate. If that is occuring, then all is good.
cgriffith -
4. Re: Creating new sessionID in the browser after application
dzhao00 Jul 13, 2006 4:22 PM (in response to sundartri)I know what you're saying. But if someone has his own reason or is already using sessionId in his code and have to find a quick solution right away, keep saying why bother doesn't help.
-
5. Re: Creating new sessionID in the browser after application
j2ee_junkie Jul 13, 2006 5:01 PM (in response to sundartri)dzhao00,
There was no requirement to not re-use session ID in original question of sundartri. The problem was how to invalidate the session. The original poster was under the impression that the session was not being invalidated because the ID did not change. You mis-read the problem and added a solution that was unecessary.
cgriffith -
6. Re: Creating new sessionID in the browser after application
dzhao00 Jul 13, 2006 5:42 PM (in response to sundartri)A colleague of mine was looking for a quick solution to get a new sessionId when he upgraded the app server from jboss 3.2.5 to jboss 4.0.3sp1, because in his code he already used the sessionId and refactoring is not a good option for him now. We searched on the web including this forum and didn't find any clue. The subject of this thread is on top of the search results. I just want to post the way to do it for those people who does need a new sessionId. If you only need to invalidate the session, and don't care about the sessionId, fine, ignore my post. I don't want to waste my time argue with you whether I should post it here or not.