whenever there is 5 min completed, call session invalidating jsp page. hope it will help Hi, Sam, I think for the first problem, prabhat's suggestion will be helpful.
Since HTTP is stateless protocol, there is no way that the container knows about the browser unless there is a request coming from the browser.
The assumptions sticky sessions allow also have a few other benefits: In all of these cases, even if for a brief period of time, a dyno that is still up and running may not accept new connections or handle new requests, or is entirely down and will never handle them.
How should these problems be solved so as to have stronger site security implemented ??? Thank You This is just a shot in the dark, but have you tried redirecting the client using Redirect()?
Furthur, when the user clicks on any link now, what gets printed is the new session id.
Also, since i have implemented this application using the MVC Pattern wherein every request is first sent to the Controller Servlet wherein, i am checking whether current session is valid by invoking the Requested Session Id Valid() and if not redirecting the user to the Login Page.
I don't know why the container isn't invalidating the session, but this would force a new request from the client, and may solve the problem (in a way that shouldn't be container specific).
This would be very much similar to how windows 2000/NT based systems maintain system security wherein if the user has not used the system for a specified amount of time then, the system automatically logs off and goes into a sign in mode(normally ctrl-alt-del is pressed to specify user identification details).