out
XSS vulnerabilities
When out.print ( ""); controllable time, will lead to XSS vulnerabilities.
requests
response
session
session expiration time problem
session.setMaxInactiveInterval();
User exits, session not destruction
session.invalidate (); // destroy all Web application session
session.removeAttribute (); // Removes the specified session
application