Am I the only one that thinks that the servlet spec should have
provision for expiring the session cookie (if used) when a session is
invalidated (with session.invalidate())?
Coding the session cookie expiration oneself violates the principle of
information hiding with respect to how sessions are actually implemented.
Expiring the session cookie at the same time as session invalidation also
preserves consistency of session state between the client and server.
This is useful in determining whether a session has been unexpectedly
lost.
Seems to me like a good candidate for addition to the spec. Or is
there something I'm missing?
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
