HTTP Session Invalidation in Servlet/GlassFish
HTTP session invalidation is something most of us take for granted and don't think much about. However for security and performance sensitive applications it is helpful to have at least a basic understanding of how it works in Servlets.
In a brief code centric blog post Servlet specification lead Shing Wai Chan introduces the APIs for session invalidation and explains how you can fine tune the underlying reaper thread for session invalidation when it is needed in GlassFish 4. Don't hesitate to post a question here if the blog is not clear, this is a relatively esoteric topic...
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)