How sessions become invalid?
Invalidated session is an invalid session?
What is difference between invalid and invalidated session?
Why invalid session is not null?
Asked
Active
Viewed 1,394 times
1
user3311231
- 33
- 1
- 8
-
"How sessions become invalid?" - by invalidating it. You normally do that when you don't want to use that session anymore, e.g. to prevent session fixation attacks where you invalidate the current session and create a new one. "What is difference between invalid and invalidated session?" - that's just a language problem. When you _invalidate_ (action) a session it becomes _invalid_ (state). – Thomas Feb 26 '18 at 12:54
1 Answers
1
When you invalidate the session, doesn't mean that the reference of the session become null.
Invalidates this session then unbinds any objects bound to it.
When you invalidate, it just remove all the data inside it and itself gets removed from the session pool. So when you ask for the session in current context, you don't receive any session as the session invalidated.
Why invalid session is not null?
If you have the session reference is in your hand, it can't be null. You can still access it, however the session data gets vanished. Once you again call/look for session, for ex request.getSession(false), you'll receive a null as session as the earlier session validated.
Suresh Atta
- 120,458
- 37
- 198
- 307