After HttpSession.invalidate() is called I expect the next getSession call should return a new session with a different session id. However, it returns the same sessionid ???
Created May 7, 2012
Luigi Viggiano I believe that the new session will be generated on next request by the client, not immediately after the invalidate.