But the question is, If I invalidate one session I can't use the same browser to login again, because the session is created every time I call request.getSession(true), nevertheless if I don't terminate the session, and the session never time out, then the server will store large amounts of sessions that no longer will be used.
-----Original Message----- From: Deep Singh Bhau [mailto:[EMAIL PROTECTED]] Sent: martes 7 de mayo de 2002 13:45 To: Tomcat Users List Subject: RE: Terminating sessions problem. (bug?) this is not a bug. All u have to do is set some attribute in session after successfull login and then check that attribute in each servlet. If the attribute is there in session proceed otherwise throw the login screen. -----Original Message----- From: Garzon Maldonado, Jesus Javier [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 07, 2002 3:49 PM To: Tomcat Users List (E-mail) Subject: Terminating sessions problem. (bug?) Hello all: When a user enter in my site sessions are used to store user data. I get the session using (request.getSession(true);). When users leave the site the session is invalidated (request.getSession().invalidate();). But, if users enter again from the same browser instance each call to (request.getSession(true);) creates a new session so it's impossible to get data associated with the session from differents servlets. If users enter from another browser instance, sessions works fine. I'm using Apache 1.3.20 + Tomcat 4.0.3 on windows NT, but this also happened with Tomcat 3.2.1 and on unix platforms running Tomcat 3.2.1 standalone. This is a bug?, Am I doing something wrong? Thank you very much. Regards Jesús Javier Garzón Maldonado Radar, Mando y Control Carretera Loeches, Nº 9 28850 - Torrejón de Ardoz (ESPAÑA) Tel: +34-91-626.82.68 [EMAIL PROTECTED] www.indra.es -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>