Invalidating a stale session
However, configuring how Web Logic Server manages sessions is a key part of tuning your application for best performance.When you set up session management, you determine factors such as: You can also store data permanently from an HTTP session. You configure Web Logic Server session tracking by defining properties in the Web Logic-specific deployment descriptor, .For longer-lived client-side user data, you program your application to create and set its own cookies on the browser via the HTTP servlet API.The application should not attempt to use the cookies associated with the HTTP session.For more information see Logging Out and Ending a Session.By default, Web applications do not share the same session.
There are several Java methods and strategies you can use when using authentication with multiple Web applications.
At that point, a new session is automatically assigned when the deployment descriptor. User authentication information is stored both in the user's session data and in the context of a server or virtual host that is targeted by a Web application.
The method, which is often used to log out a user, only invalidates the current session for a user—the user's authentication information still remains valid and is stored in the context of the server or virtual host.
This behavior is in the spirit of session usage and it is recommended that you use sessions in this way.
You can configure session-tracking parameters of cookies in the Web Logic-specific deployment descriptor, .