Terminating a Session

Use

Develop your application in a way that enables the application user to terminate his or her session explicitly. For example, when running an e-commerce site that encompasses several applications, this would enable the user to terminate the current session with a particular application (such as a shopping cart application) without having to leave the site.

Terminating the session when the user completes the desired activities is good practice, since all objects that were part of the session are released. Properly managing session lifetime is also critical for any application that deals with security-sensitive data.

To terminate a session, use the invalidate() method of the HttpSession object.

Note

Always consider configuring an appropriate session timeout using the deployment descriptor of your Web applications! This enables the Web Container to invalidate the session if unused for the specified period of time.
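
The following logout servlet is an added example, not code from the original documentation. It shows explicit termination with invalidate() and, in its header comment, the deployment descriptor timeout from the note. The class name LogoutServlet, the page loggedOut.html and the 15-minute value are assumptions, as is the javax.servlet namespace (newer containers use jakarta.servlet).

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/*
 * Added example (hypothetical class name and paths). Map it to a URL such as
 * /logout in web.xml. The idle timeout is set in the same descriptor, in
 * minutes (15 is a constructed sample value):
 *
 *   <session-config>
 *     <session-timeout>15</session-timeout>
 *   </session-config>
 */
public class LogoutServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    // Logout changes server state, so only POST is implemented; the inherited
    // doGet() rejects GET requests.
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) returns null instead of creating a fresh session
        // when the user has none (for example, after a timeout).
        HttpSession session = request.getSession(false);
        if (session != null) {
            // Unbinds all session attributes and marks the session invalid.
            session.invalidate();
        }

        // Ask the browser to drop the session cookie. Assumes the default
        // cookie name JSESSIONID, scoped to the application's context path.
        String contextPath = request.getContextPath();
        Cookie expired = new Cookie("JSESSIONID", "");
        expired.setMaxAge(0);
        expired.setPath(contextPath.isEmpty() ? "/" : contextPath);
        response.addCookie(expired);

        // Keep the logout response out of browser and proxy caches.
        response.setHeader("Cache-Control", "no-store");

        // Hypothetical landing page inside the same application.
        response.sendRedirect(contextPath + "/loggedOut.html");
    }
}
```

Because only this application's session is invalidated, sessions the user holds with other applications on the same site are unaffected.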