Apologies for revisiting a perennial topic but I'm struggling to delete a cookie. Basically I have a session cookie that I want to access in a servlet filter then delete (expire). The code I'm using looks like this, in the doFilter method of the filter:
This appears to work fine, but the next time the user submits a request, the cookie is still there with a maxAge of -1. I'm using the Geronimo webserver. Has anyone seen this before, and knows what I'm doing wrong?
Joined: Mar 22, 2005
I wouldn't mess with the session cookie behind the servlet container's back. Try calling HttpSession.invalidate() instead.
I invalidate the session when the user logs out, but I want to destroy the cookie when they are still in the application. The cookie is set by an authentication process. I want to use the data in the cookie when the user logs in, then delete the cookie, so that if the user logs out but doesn't close the session window they are forced to log back in (rather than just re-using the old cookie).
Originally posted by John Simpson: It is not the JSESSIONID cookie.
Ah, your original post can be read to mean that it is the jSESSIONID cookie to which you are referring.
Joined: Nov 28, 2005
My apologies, that is not what I meant to imply. The cookie I am trying to remove is created by an application with a maxAge of -1. And despite my best efforts its maxAge stays at -1. [ January 04, 2008: Message edited by: John Simpson ]