My application is using Tomcat and Struts framework. The problem I found is the session invalidation and Tomcat Manager Application's session tracking number conflict (or confusion). When user logs on to our application, I see the number of session in Tomcat manager application gets increased as expected; however, it did not get decreased as user logged out. This is what I do in the LogoutAction:
However, if I call in the logout.jsp (kind of redundent, since LogoutAction has already invalidate the user's current session), then the session number in Tomcat manager application will get decreased, proving the user did has already logged out. Why is this? How does Tomcat tracks application's session number? Or the session number did not get decreased because actually another new session has been created again in the logout.jsp? If this is the case, how should I address this problem without putting JAVA code (to invalidate session) in jsp page, or just ignore the Tomcat session number as long as I do proper session invalidion in logout action?
Thanks very much for your help!
I am going down to the lab. Do NOT let anyone in. Not even this tiny ad:
Devious Experiments for a Truly Passive Greenhouse!