I'm using java-7 with tomcat 7 in Eclipse. I have a basic servlet. In this servlet for requests with "type" (which is a request parameter) "login" I create a new session with request.getSession(true) and put some attributes in it when the other credentials are correct off course. For a logout request, I invalidate the session with request.getSession(false).invalidate(). I even check after this statement with request.getSession(false) == null and it is true as expected.
However, for the following request from the same client, request.getSession(false) == null is false. If I check for the existence of attributes in this session, there aren't any. Why the session is not null. I can work this out by checking the existence of attributes instead of the nullity of the session. But what may be the problem?
I think the problem is something to do with usage of JSP. Session may be created automatically. If that's so, I am looking for ways to disable it.
If requested I may post the code for the servlet.
JSP automatically creates a session. To disable it add