In security realms, the session is managed at the container level, transparently to the application. To log a user out, the application tells the container to clean up the corresponding session.
1. Log out of a single application (single session)
session.invalidate();
2. Log out of an application that shares its session with other applications (WebLogic)
public static boolean logout(HttpServletRequest req)
This "logs out" the user in the session by removing the pertinent data from the sessions the user has logged into and also from the webserver, without losing other session data.
Parameters:
req - HttpServletRequest
invalidateAll
public static boolean invalidateAll(HttpServletRequest req)
Invalidate all the sessions for the current user only (i.e. the current cookie) and, since the cookie is no longer required, kill the cookie too.
Parameters:
req - HttpServletRequest
killCookie
public static void killCookie(HttpServletRequest req)
Kills the current cookie.
Parameters:
req - HttpServletRequest which contains the session
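
A logout handler that covers both cases above, as an added example that is not code from the original page or from WebLogic. It assumes the three static methods listed above belong to weblogic.servlet.security.ServletAuthentication (the page does not name the class); the servlet name and the "logoutMode" init parameter are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
// Assumed home of logout/invalidateAll/killCookie; not named on the page.
import weblogic.servlet.security.ServletAuthentication;

// Hypothetical servlet; map it to a URL such as /logout in web.xml.
public class LogoutServlet extends HttpServlet {

    // Hypothetical init-param "logoutMode":
    //   single      - this web app has its own session (case 1)
    //   shared-auth - shared session: drop the login, keep other session data (case 2)
    //   shared-all  - shared session: invalidate everything and kill the cookie (case 2)
    private String mode;

    @Override
    public void init() {
        String configured = getInitParameter("logoutMode");
        mode = (configured == null) ? "single" : configured;
    }

    // Handle POST only, so a plain cross-site link cannot end the user's session.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        boolean ok = true;
        if ("shared-all".equals(mode)) {
            // Invalidates every session tied to the current cookie, then kills the cookie.
            ok = ServletAuthentication.invalidateAll(req);
        } else if ("shared-auth".equals(mode)) {
            // Removes the authentication data but leaves other session attributes in place.
            ok = ServletAuthentication.logout(req);
        } else {
            // getSession(false) avoids creating a new session only to destroy it.
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        }
        if (!ok) {
            // Fail visibly: the user must not be told they are logged out when they are not.
            log("logout failed for mode " + mode);
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Logout failed");
            return;
        }
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```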