I am removing the object from the session before I am invalidating it.
I am using a value object of type Member stored in the session. Member class has a method called isAdmin which decides whether the user is admin or not ! We are also checking the validity of the user in actual delete action code. But the main problem is in spite of invalidating the session, the admin object can be retrieved from the session. This is a real pain in wrong place.
I searched the web for the problem and it seems that this problem is prevailent all over the world but no body has suggested a solution and also nobody is knowing why this issue occures.
I am pasting some links below to give the gravity of the problem. Javaranch itself has discussed the problem in past quite a few times but no body is sure why this happens. Please visit
Click Here for link 1 If anybody knows the issue please help.
Thanks in advance
Sachin