I have this slight problem.
I have a web app some some some servlets but the servlet that is giving issues is OnConstController which is a servlet.
It does seem to be sharing the session from dispatcherselvet but the problem occurs when the session is invalidated i.e a user logging out out.
The OnConstController servlet still looks at the session as valid. I know cos i printed out the SessionId and it is still exists.
So that is a security concern. It seems the OnConstController servlet isn't notified of the invalidated session.
Please can someone suggest the reason or fix.
in the web.xml