Ok so the idea is simple enough, handle logins using serverside auth and then if auth then set a session variable to keep track of the user. Once the user decides to logout the session is destroyed. Problem is it doesn't apear to be working.
Problems
1.) The login feature seems to work and the userName session variable can be accessed through a xmlhttprequest to the server, however, when I try to just run the servlet directly I get a blank string. How can the session be retrieved fine by the request but another IE window sees nothing.

2.) Session.invalidate does not cause the session variable to be destroyed.

here are some code snipets
Code:
//Client Side

function login()
{
    userName="";
    xmlUserName=GetXmlHttpObject();
    if (xmlUserName == null)
    {
        alert ("Your browser does not support the XMLHttpRequest object. Please upgrade to a newer browser.");
        return;
    }
    queryString="mode=getValue&varName=userName";
    //xmlUserName.onreadystatechange=responseUN;
    xmlUserName.open("POST",urlSession,false);
    xmlUserName.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
    xmlUserName.send(queryString);
//    if (xmlUserName.status=="PAGE_SUCCESS")
//    { 
    
    userName=xmlUserName.responseText;
    alert(xmlUserName.status);
    alert(xmlUserName.responseText);
    if (userName != "")
    {
        //userName.replace(" ","*");
        //alert(userName);
        getCurrentPage();
    }
    else
    {
        alert("Please Log In");
        window.location = "***.htm";
    }

    
}



//responseText is false
function logout()
{
    alert("we're in");
    userName="";
    xmlUserName=GetXmlHttpObject();
    if (xmlUserName == null)
    {
        alert ("Your browser does not support the XMLHttpRequest object. Please upgrade to a newer browser.");
        return;
    }
    var url="http://*******/LdapAuthServlet";
    queryString="mode=logout";
    //xmlUserName.onreadystatechange=responseUN;
    xmlUserName.open("POST",urlSession,false);
    xmlUserName.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
    xmlUserName.send(queryString);
//    if (xmlUserName.status=="PAGE_SUCCESS")
//    { 
    
    //userName=xmlUserName.responseText;
    alert(xmlUserName.status);
    alert(xmlUserName.responseText);
//    if (userName != "")
//    {
//        //userName.replace(" ","*");
//        //alert(userName);
//        getCurrentPage();
//    }
//    else
//    {
        alert("Please Log In");
        window.location = "****.htm";
    //}

    
}

//server side

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException
	{
		PrintWriter writer = null;
		setVar();

		try
		{
			writer = response.getWriter();
			//Setup Variables
		
			boolean validLogin = false;
			//get the mode to accomplish    
			String mode = request.getParameter("mode");
			String falsePos = request.getParameter("falsePos");
			// got hold of the user session
			HttpSession session = request.getSession(true);
			// retrieving session info


							if (!(mode == null))
				{
					if (mode.equals("login"))
					{
						String userName = request.getParameter("userName");
						String passWord = request.getParameter("passWord");
						//Make sure the variables were included
						if ((!(userName == null)) && (!(passWord == null)))
						{
							//Check the username/Password with LDAP
							validLogin = checkAuth(userName, passWord);

							//Handle The Result
							if (validLogin)
							{
								boolean changed = sessionEditor.changeSessionVariable("userName", userName, session);
								if (changed)
								{
									writer.write("success:login");
								}
								else
								{
									writer.write("failed:Could not set session variable");
								}
							}	
							else
							{
								boolean changed = sessionEditor.changeSessionVariable("userName", null, session);
								writer.write("failed:Bad Username/ID");
							}
						}
					}

					if (mode.equalsIgnoreCase("logout"))
					{
						if (session != null)
						{
							boolean changed = sessionEditor.changeSessionVariable("userName",null, session);
							errLog.writeAlert("Session variable changed:" + changed);
							if (changed)
							{
								changed = sessionEditor.endSession(session);
								errLog.writeAlert("Session Deleted:" + changed);
								if (changed)
								{
									writer.write("success:logout");
									errLog.writeAlert("success:logout");
								}
								else
								{
									writer.write("failed:No Session to invalidate in the session function");
									errLog.writeAlert("failed:No Session to invalidate in the session function");
								}
							}
							else
							{
								writer.write("failed:to set the session variable");
								errLog.writeAlert("failed:to set the session variable");
							}
						}
						else
						{
							writer.write("failed:No Session to invalidate");
							errLog.writeAlert("failed:No Session to invalidate");
						}
						
					}

				}
			
		}
		catch (Exception ex) 
		{
			try
			{
				writer = response.getWriter();
				writer.write("Error:");
				ex.printStackTrace(writer);
				errLog.writeError(ex);
			}
			catch (Exception e) { }
		}
		finally
		{
			writer.flush();
		}
		
	}

public boolean changeSessionVariable(String varName, String varValue, HttpSession session)
	{
		if (session != null)
		{
			try
			{

				//if (varName != "userName")
				//{
					session.setAttribute(varName, varValue);
					return (true);
				//}
				//else
				//{
				//    errLog.writeAlert("Username not found");
				//    return (false);
				//}
			}
			catch (Exception ex)
			{
				errLog.writeError(ex);
				return (false);
			}
		}
		else
		{
			errLog.writeAlert("No Session found, This was supposed to be a parameter so please check the code calling this function");
			return (false);
		}
	}
public boolean endSession(HttpSession session)
	{
		try
		{
			session.invalidate();
			return true;
		}
		catch(Exception ex)
		{
			errLog.writeError(ex);
			return false;
		}
	}