I tryied it on Tomcat (web.xml): <session-config>
<session-timeout>0</session-timeout>
</session-config>
On servlet: req.getSession().setAttribute("myattribute", "0");
if(req.getParameter("invalidate")!=null){
req.getSession().invalidate();
}
RequestDispatcher dispatcher = req.getRequestDispatcher("page.jsp");
dispatcher.forward(req,resp);
On jsp: My attribute is: ${sessionScope.myattribute}
Then when i call /MyServlet the result is My attribute is: 0
Then when i call /MyServlet?invalidate=1 the result is My attribute is:
So, i think if you call invalidate, it always invalidate your session.