tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ian Stevens" <>
Subject How do I force the expiration of the JSESSIONID cookie for proxies?
Date Tue, 11 Jan 2005 00:12:12 GMT
I have a system which renders a session stored in the HttpSession unusable
once the user logs out.  All initialisation on the session is performed
inside a HttpSessionListener.sessionCreated() method.  Further accesses
under the same JSESSIONID result in an error detailing that the user must
close their browser before logging in again.  However, many of our users
access the system through phone network proxies which remember their cookies
for them.  There is no way that I know of to force the proxies to either not
cache cookies or to flush the value for a cookie.  However, the proxy should
understand how to expire a cookie.

Is it possible to set an expires on a JSESSIONID cookie to the current time
on a user logout?  Will HttpSession.invalidate() do this for me?  I need
some way to indicate to proxies that they should no longer use the old
JSESSIONID cookie value and to replace it with any new value which should
come along.

Does anyone know how this can be done?  I'd rather not reference
"JSESSIONID" in my code in case a different value is ever used.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message