tomcat-users mailing list archives

From Mike Fowler <>
Subject Re: How do I force the expiration of the JSESSIONID cookie for proxies?
Date Tue, 11 Jan 2005 14:29:35 GMT
Ian -

HttpSession.invalidate() will cause the client's cookie to expire.

-Mike Fowler
"I could be a genius if I just put my mind to it, and I,
I could do anything, if only I could get 'round to it"

Ian Stevens wrote:
> I have a system which renders a session stored in the HttpSession unusable
> once the user logs out.  All initialisation on the session is performed
> inside a HttpSessionListener.sessionCreated() method.  Further accesses
> under the same JSESSIONID result in an error detailing that the user must
> close their browser before logging in again.  However, many of our users
> access the system through phone network proxies which remember their cookies
> for them.  There is no way that I know of to force the proxies to either not
> cache cookies or to flush the value for a cookie.  However, the proxy should
> understand how to expire a cookie.
> Is it possible to set an expires on a JSESSIONID cookie to the current time
> on a user logout?  Will HttpSession.invalidate() do this for me?  I need
> some way to indicate to proxies that they should no longer use the old
> JSESSIONID cookie value and to replace it with any new value which should
> come along.
> Does anyone know how this can be done?  I'd rather not reference
> "JSESSIONID" in my code in case a different value is ever used.
> thanks,
> ian.

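For the logout step discussed in this thread, an added example (not from either poster and not Tomcat's own code) that invalidates the session and also sends an explicit expiring `Set-Cookie` for the session cookie, reading the cookie name from the container instead of hardcoding it. It assumes a Servlet 3.0 or later container with the `javax.servlet` API; the `LogoutServlet` class, the `/logout` mapping and the `/login` redirect target are hypothetical.

```java
import java.io.IOException;
import javax.servlet.SessionCookieConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/logout") // hypothetical mapping
public class LogoutServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // 1. Destroy the server-side session so the old id is useless if replayed.
        HttpSession session = req.getSession(false); // do not create one just to destroy it
        if (session != null) {
            session.invalidate();
        }

        // 2. Ask the client, or a proxy holding cookies on its behalf, to drop the cookie.
        //    The name comes from the container's configuration, not a string literal.
        SessionCookieConfig cfg = getServletContext().getSessionCookieConfig();
        String name = cfg.getName() != null ? cfg.getName() : "JSESSIONID"; // spec default
        String path = cfg.getPath();
        if (path == null || path.isEmpty()) {
            // Assumption: the container scoped the cookie to the context path.
            path = req.getContextPath().isEmpty() ? "/" : req.getContextPath();
        }

        // Name, path and domain must match the original cookie or it is not replaced.
        Cookie expired = new Cookie(name, "");
        expired.setPath(path);
        if (cfg.getDomain() != null) {
            expired.setDomain(cfg.getDomain());
        }
        expired.setMaxAge(0);              // zero tells the recipient to delete the cookie
        expired.setHttpOnly(true);
        expired.setSecure(req.isSecure());
        resp.addCookie(expired);

        // 3. Keep intermediaries from storing the logout response itself.
        resp.setHeader("Cache-Control", "no-store");
        resp.sendRedirect(req.getContextPath() + "/login"); // hypothetical target
    }
}
```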