Manullay invalidating session values on session time out
Sessions are used for maintaining user specific state, including persistent objects (such as handles to database result sets) and authenticated user identities, among many interactions.
For example, a session could be used to track a validated user login followed by a series of directed activities for a particular user. For each request, the client transmits the session ID in a cookie or, if the browser does not allow cookies, the server automatically writes the session ID into the URL.
The Sun ONE Web Server supports the servlet standard session interface, called A cookie is a small collection of information that can be transmitted to a calling browser, which retrieves it on each subsequent call from the browser so that the server can recognize calls from the same client.
A cookie is returned with each call to the site that created it, unless it expires.
The domain of a cookie is by default not set for a session and as such the session is only valid for the host which generated it.
In order to have a session which spans across common sub domains, you can specify the parent domain using the argument (defaults to 1) indicates whether locking should be used.
There should be some mechanism available so that admin can stop the user immediately by invalidating the cookie.
The term user session refers to a series of user application interactions that are tracked by the server.
Servlets can access the session objects to retrieve state information about the session.
This chapter describes sessions and session managers, and has the following sections: refers to a series of user application interactions that are tracked by the server.
Patch 5 allows different applications to have different session idle timeout values.