Same sessionid after invalidating session speed dating 40 year old virgin quotes
In addition, sending the old ID can be done as part of the testing to ensure that it is no longer recognised as an authorised session.
After invalidation of a session, is it possible to get new session through request object via Session() without making a new request?
It's not a bug, your sessions are still unique, it's just the ID that is being reused.If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an Illegal State Exception is thrown.i agree your ans but my question is after this out.println("Session is " session); session.invalidate(); out.println("New session is " Session()); and call request dispatcher and forword to another path and call session Session so ican'd get it it gives null but i needed in my project for maintain session and also sequire my session to no one heck it I think you need to seriously evaluate your requirements and truly understand what security means, how you achieve it with Java EE and perhaps consult someone who's an expert in secure web applications. Even if the JSESSIONID is still present the session whose ID it is holding is already invalidated , so how can you get that session back My point is when you say session.invalidate() the session object is destroyed , so even if you use the same browser which will use the same JSESSIONID how will you be able to access an object( the session in this case ) after it has been destroyed..??I will try and put the problem differently: I have a web application which presents a login page to the user.
My request object flow to 1st page to 2nd page and 2nd page to 1st page again 1st page to 2nd page and again same 2nd page to 2nd page ....request page can not be change but every time request 1st page to 2nd page we need to fetch detail to session and invalidate it and again created it..