I tend to agree. I think it's at least disputable. Servlet spec is bit vague and I can see only:
When an application is replaced, the container should provide a robust method for preserving session data within that application.
I suggest to add to InitServlet:
request.getSession().invalidate();
|
WDYT?
|