Question

How can we prevent implicit session creation in JSP?

Answer 1

Jus check all these methods by your own you will understand everything of it:

<%
    HttpSession se=request.ge    tSession();
    out.print(se.getCreationTime());
    out.print(se+"<br>");
     out.print(se.getAttribute("id") +"<br>"); // if you have data as id in session
     out.print(se.getId()+"<br>");
     out.print(se.getLastAccessedTime()+"<br>");
     out.print(se.getMaxInactiveInterval()+"<br>");
     out.print(se.getServletContext()+"<br>");
     out.print(se.getSessionContext()+"<br>");
     out.print(se.getValue("id") +"<br>");   // if you have data as id in session
     out.print(se.getValueNames() +"<br>");
     out.print(se.hashCode() +"<br>");
     out.print(se.isNew() +"<br>");
     se.setAttribute("id", "none") ;   // if you have data as id in session ,just manipulate 
     out.print(se.toString() +"<br>");
     se.invalidate();
     response.sendRedirect("admin_login.jsp");// redirecting after invalidating session
    /*
    se.removeAttribute("id"); // remove attribute from session.
    out.print("id="+se.getAttribute("id") +"<br>"); 
    
    out.print("id="+se.getAttribute("id") +"<br>");
    out.print("invalidated<br>");
    //se.notify();
     //out.print(se.getAttribute("id") +"<br>");
            */
%>

#thank you
#hope this was helpful for you