Hi, I use TOMCAT 3.2 I tried to invalidate a session by calling HttpSession session.invalidate() The session is not really invalidated. If the user clicks he does not get the same sessionId (with request.getSession(false)) as before the invalidtae() call: but he gets a session with another sessionId: somehow the invalidate() routine creates a new cookie with another sessionId. Strange is that I never created this sessionId before. Does anybody know about this? Axel Lannion/France --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
