There was a method I used a few years back that was similar to "HttpSession.invalidate()". The difference was that it destroyed all sessions in the user's browser, not just for my site. Maybe clearing their cache? Anyone remember this method??