I have a wireless application and it is accessed through ptg/rm gateway from a PDA browser. Oracle wireless AS gives default login page (when the application is accessed through ptg/rm gateway) and when user login, user information session might get stored in server side (I am not sure, if any one can pls clarify me on this also?).
Now i have a requirement, in which my application user should get 'logoff' button in each and every page of my application. When he clicks on this button the user information session should get invalidated, so that even if the user goes back to the application (using back button of the browser) he should not able to enter the application. (This is same as any std. login/logout page logic).
Invalidating the session which resides in client side is easy (By using session.invalide()), but how can i delete the session which resides on the server side??? Whether is it possible?? If yes then how can i do it.
The second scenario where the user exits the app without leaving the application in the expected manner of clicking the "logoff" button. This leaves your application not knowing if the user is still there or not (unless you have a short session timeout setting). You need to test many session timeout scenarios to see what will work and keep your server from running out of memory.