JSP session.invalidate() vs request.logout()

Question

I have a SignOut button on my jsp page. (Tomcat 8.0.15)

session.invalidate()

or

request.logout()

which one is better for signing-out/terminating the session, what is the main difference? Should I use both?

And how to check if session.invalidate() and request.logout() were successful? that is true? — CodeGust, Feb 27 '15 at 21:44

score 7 · Accepted Answer · answered Feb 27 '15 at 21:19

7

logout() clears the identity information in the request but doesn't affect the session
invalidate() invalidates the session but doesn't affect the identity information in the request.

I think you should use both.

answered Feb 27 '15 at 21:19

user207421

1 Answers1