See How do we get access to the session for ways to retrieve the session.
One way of invalidating a session; contributed by Ray Clough.
Session Invalidation
// Code fragment from class implementing SessionAware containing the // session map in a instance variable "session". Attempting to invalidate // an already-invalid session will result in an IllegalStateException. if (session instanceof org.apache.struts2.dispatcher.SessionMap) { try { ((org.apache.struts2.dispatcher.SessionMap) session).invalidate(); } catch (IllegalStateException e) { logger.error(msg, e); } }