How do I invalidate user’s session?

In a web application you might want to invalidate user session, for instance in a logout Servlet or JSP. There is an invalidate() method in the HttpSession interface, this method invalidates the session and it removes all attributes from the session object.

package org.kodejava.example.servlet;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class InvalidateSessionServlet extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        HttpSession session = request.getSession();

        // Invalidate the session and removes any attribute related to it

        // Get an HttpSession related to this request, if no session exist don't
        // create a new one. This is just a check to see after invalidation the
        // session will be null.
        session = request.getSession(false);

        response.getWriter().println("Session : " + session);

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.