Sorry for posting this again i thought it's more suitable here
I have deployed a single EAR file with multiple web application (WAR files)
I am trying to invalidate the session for all of the web application at any given moment (logout for multiple web app). What is the best way of doing it in servlets? Or is it possible to do it in application.xml
# Help an unprivileged kid.<br /> Whatever u do will make a difference...<br /> ...to a child's life & ur own #<br /><a href="http://www.cry.org/" target="_blank" rel="nofollow">www.cry.org/</a>
I think it very much depends on the applicaton server as well as the session-management mechanism of the server.
In a cookie-based scenario so long as you are in compliance with the cookie read/write rules ( you are not reading a cookie of yahoo.com from a domain yourapp.com etc....please refer for more details.. cookie reference )
I think you can achieve this by way of unsetting all the cookies , especially the "SESSIONID" / "AUTHENTICATION" cookies from one of your servlets, make sure you are doing this for all the paths you would refer to in your WARs. For eg if you have app1.war app2.war with context paths app1 and app2 in your EAR. you would need to unset the cookies for paths : app1 and app2.