Apache tomcat sessions are not destroyed when user session times out

[s-mahapat]

Try removing the HttpSessionBindingListener interface from Database.java and see if the session is invalidated on logout and timeout.

[s-mahapat]

Class Database no more implements HttpSessionBindingListener interface. Restart tomcat and its all working now, sessions are destroyed after 30 mins.

Also in logout controller clear the browser cache, else the previous session id was being passed to the server.