Invalidating session in spring

A session timeout defines the period of a session's life; during this time the session is valid.

At the end of the post I promised to write about a more advanced topic dedicated to sessions in Spring MVC applications. Before I start the discussion about sessions and the most frequent situations that occur during development, I want to underline some things. And as a result, the server doesn't know who the initiator of a request is, even if an application has just one user.

Alternatively, consider using the attribute management capabilities of the generic WebRequest interface.

I think you might be better off using Spring Security with an authentication provider and something like UsernamePasswordAuthenticationToken. Your user/principal would be accessible via SecurityContextHolder and included in the HttpSession. When using Spring Security you could then use/configure a LogoutConfigurer to invalidate the session, clear the SecurityContextHolder context and set the authentication to null.
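A logout configuration along the lines described above, as an added example that is not code from the original post. It assumes Spring Security 6 with the lambda DSL and a servlet container that uses the default `JSESSIONID` cookie; the class name and the `/logged-out` path are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Hypothetical configuration class (assumption: Spring Security 6).
@Configuration
@EnableWebSecurity
public class SessionLogoutConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // "/logged-out" is a hypothetical landing page that must be
                // reachable without a session, otherwise logout redirects to login.
                .requestMatchers("/login", "/logged-out").permitAll()
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            // The lambda receives the LogoutConfigurer mentioned in the text.
            .logout(logout -> logout
                // With CSRF protection enabled (the default) this URL only
                // accepts POST, so a link or image tag cannot log a user out.
                .logoutUrl("/logout")
                // Calls HttpSession.invalidate(): the server-side session and
                // every attribute stored in it are discarded.
                .invalidateHttpSession(true)
                // Sets the Authentication in the SecurityContext to null so a
                // stale principal is not left in SecurityContextHolder.
                .clearAuthentication(true)
                // Expires the session cookie in the browser as well, so the
                // old session id is not sent again on later requests.
                .deleteCookies("JSESSIONID")
                .logoutSuccessUrl("/logged-out"));
        return http.build();
    }
}
```

Explicit logout covers only users who click the button; the idle timeout from the first paragraph still has to be set for abandoned sessions, for example with the `server.servlet.session.timeout` property when the application runs on Spring Boot.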
