We have already seen invalidate() method in session implicit object tutorial. Here we will see how to validate/invalidate a session.Lets understand this with the help of an example: In the below example we have three jsp pages.How about people who run both Firefox and Chrome, which are separate applications, on the same computer?What about shared IP connections on separate computers?hi all, Is it a good practice/idea to call session.invaliate in the Login Servlet.Below is the piece of code : // Get the existing session. This would mean that if someone failed to log out, and another user logged in using the same browser, they would get a new session. I have faced a few "Null Pointer Exceptions" with the session object that i am using in my web application(diffuct to find out why ??And the class which is executing on aprticular time is a normal Java class. Regards, Sree All valid sessions are grouped together in a Http Session Context object.Theoretically, a server may have multiple session contexts, although in practice most have just one.
get Session() returns the session associated with the given session ID.The session handles the returned promise and when it resolves becomes authenticated, otherwise remains unauthenticated.All data the authenticator resolves with will be accessible via the session data's property. A resolving promise indicates that the session was successfully authenticated while a rejecting promise indicates that authentication failed and the session remains unauthenticated.Always remember that your session can disappear at any time for a wide variety of reasons.Critical data should always be saved to a permanent datastore (such as the database), and the session should be reserved for data caching and user management information.and according to sun this method is depreciated for security reason.