MemoryLeak MemoryLeak - 3 months ago 20
Java Question

Why session.invalidate doesn't work in IE browser?

I implemented a sevlet filter in my application, and within the filter, if I find some specific url pattern, I will use request.getSession().invalidate() to logout and clear the session, then redirect to a login page.

session.invalidate();
session.setAttribute("hi", true);
response.sendRedirect("login.jsp");


but I found, after that I enter username and password, then submit the login form, the previous session seems not be completely cleared.

So is it possible to let me completely clear out the session and just like start a new IE instance ?(BTY, my code works in FF and Chrome).

Answer

The session is a server-side concept. The browser only hold a jsessionid to tell the server which session object to fetch for this request.

That said, your problem is not IE. And even if it is, it is some sort of caching the you are facing. Clear your cache. You can set these response headers:

Cache-Control: no-cache, no-store
Pragma: no-cache