After HttpSession.invalidate() is called I expect the next getSession call should return a new session with a different session id. However, it returns the same sessionid ???

Luigi Viggiano

I believe that the new session will be generated on next request by the client, not immediately after the invalidate.

About | Sitemap | Contact