posted 20 years ago
I am not sure if I have completely understood your question, however let's try :
The user connected to a web application can't gurantee if the session is invalidated. TRUE
But applications do have a LogOut function, that users can use to end their seesion, this is done by calling HttpSession.invalidate(). The invalidate() method gurantees that the user's session is ended(destroyed).
HTH