Hello.
While trying to understand the new session management in Vaadin 7, I noticed that HTTP sessions are not closed when the so-called Vaadin sessions are closed. In other words, closing a Vaadin session via “VaadinSession.getCurrent().close()” does not invalidate the HTTP session (as observed via, e.g., a registered HttpSessionListener). Is this intentional, and if so, what is the rationale? How this will affect, say, JDBC session persistence schemes?
Thanks,
Jukka.
Hi,
VaadinSession is stored in the HTTP session (potentially it could be stored elsewhere also). If you have multiple servlets (services) you will have multiple VaadinSession instances, which means that invalidating/closing a VaadinSession can not and should not invalidate the HTTP session. Also you might have something else stored in the session by another part of your web application, e.g. a legacy JSP part.
This does not differ significantly from Vaadin 6 where Application.close() only closes the Application and does not invalidate the whole HTTP session.
If you want to invalidate the HTTP session instead of closing the VaadinSession, you are of course free to do so. Invalidating the HTTP session will also invalidate all VaadinSessions stored inside it.