Invalidating session in spring

with other jars that really implement it (-redis.jar, -hazelcast.jar) could work. Show us your spring config, spring/security library versions, your controller code, whether using NIO or BIO or APR.You should also see a listing of active sessions for the currently logged in user.Session management is one of essential parts for each web application.For these reasons it is also very important never to expose a session ID in a URL, but I’m getting off topic here …

In order to check the session functionality I will display the session objects on the pages using JSTL.As usual, because you haven’t yet had time to put any real effort into it, some security risks did surface.We use Spring Security and Spring-MVC and I will talk about implementing a session timeout and concurrent session control: nice subjects from the trenches.Since Spring MVC is a powerfull framework for a web development, it has own tools and API for the interaction with sessions.Today I intend to show you basic ways of session processing within Spring MVC application.

Leave a Reply