6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Should we reset the session variables to null on web application logout?\",\"text\":\"

Httpsession is per browser.Ideally should we reset the session variables on logout otherwise it will always be available for that Browser even user login again.Is that correct?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"M Sach\"},\"upvoteCount\":1,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

You can just invalidate the session by calling HttpSession.invalidate() which will clear all the attributes as well as destroy the session itself.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"adarshr\"},\"upvoteCount\":3}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","java",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/java/1","children":"java"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/b64ecf035c26728e5e3635b940d2cd38?s=256&d=identicon&r=PG","alt":"M Sach","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/802050/m-sach","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"M Sach"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",34424]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Should we reset the session variables to null on web application logout?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Httpsession is per browser.Ideally should we reset the session variables on logout otherwise it will always be available for that Browser even user login again.Is that correct?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",3742]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","9757714",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/e2173a4eb840daea86793815e3b1a63a?s=256&d=identicon&r=PG","alt":"Pablo Santa Cruz","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/67606/pablo-santa-cruz","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Pablo Santa Cruz"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",181340]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You don't need to reset all session variables. You just need to call session.invalidate() and servlet framework will take care of the rest.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","9757713",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/cd79cf00160aef32e8bfa48bcc978b9b?s=256&d=identicon&r=PG","alt":"adarshr","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/343955/adarshr","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"adarshr"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",62593]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You can just invalidate the session by calling HttpSession.invalidate() which will clear all the attributes as well as destroy the session itself.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",3]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","24764049",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24764049","className":"text-blue-600 hover:underline","children":"Best way to clear session"}]}],["$","li","35066149",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/35066149","className":"text-blue-600 hover:underline","children":"Java Web application session variables"}]}],["$","li","28039133",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/28039133","className":"text-blue-600 hover:underline","children":"should i set variable to null when user exits"}]}],["$","li","27620147",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/27620147","className":"text-blue-600 hover:underline","children":"Destroy user session stored in database on window close"}]}],["$","li","26515151",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/26515151","className":"text-blue-600 hover:underline","children":"Why shouldn't I destroy http session on user logout?"}]}],["$","li","15573093",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15573093","className":"text-blue-600 hover:underline","children":"Do we need to delete session variables after user logout?"}]}],["$","li","10077806",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10077806","className":"text-blue-600 hover:underline","children":"Is destroying the user session enough during logout?"}]}],["$","li","8921887",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8921887","className":"text-blue-600 hover:underline","children":"session.clear() is necessary?"}]}],["$","li","6040294",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6040294","className":"text-blue-600 hover:underline","children":"How can I remove session related information from database when the session gets killed?"}]}],["$","li","3014907",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3014907","className":"text-blue-600 hover:underline","children":"Should values kept in Tomcat Session be set to null when session is being destroyed?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Should we reset the session variables to null on web application logout?

Answers (2)

Related Questions