But, the problem I am experiencing is, even though the session is invalidated, I still can open a new browser page and type the url to a specific screen and am able to view the screen as though I am logged in.(However, I cannot really connect to database or make any changes in the screen).
Shouldn't the screen NOT appear when session is invalidated? And, I see my action methods being called by the jsp when I click buttons on a screen after session is invalidated.
I would appreciate if anyone can through some light on what's exactly happening and suggest a better work around for logging out, session invalidation.