aspose file tools*
The moose likes Servlets and the fly likes Cookies & ServletFilters on Geronimo Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of JavaScript Promises Essentials this week in the JavaScript forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cookies & ServletFilters on Geronimo" Watch "Cookies & ServletFilters on Geronimo" New topic
Author

Cookies & ServletFilters on Geronimo

John Simpson
Ranch Hand

Joined: Nov 28, 2005
Posts: 30
Apologies for revisiting a perennial topic but I'm struggling to delete a cookie.
Basically I have a session cookie that I want to access in a servlet filter then delete (expire). The code I'm using looks like this, in the doFilter method of the filter:

This appears to work fine, but the next time the user submits a request, the cookie is still there with a maxAge of -1. I'm using the Geronimo webserver.
Has anyone seen this before, and knows what I'm doing wrong?

Thanks,

John
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42592
    
  65
I wouldn't mess with the session cookie behind the servlet container's back. Try calling HttpSession.invalidate() instead.


Ping & DNS - my free Android networking tools app
John Simpson
Ranch Hand

Joined: Nov 28, 2005
Posts: 30
Hi Ulf,

I invalidate the session when the user logs out, but I want to destroy the cookie when they are still in the application.
The cookie is set by an authentication process. I want to use the data in the cookie when the user logs in, then delete the cookie, so that if the user logs out but doesn't close the session window they are forced to log back in (rather than just re-using the old cookie).

Thanks,

John
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61596
    
  67

Is this a cookie you are setting, or are you talking about the cookie that the container creates to maintain the session?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
John Simpson
Ranch Hand

Joined: Nov 28, 2005
Posts: 30
The cookie is created by an authentication service which I call from the login screen. It is not the JSESSIONID cookie.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61596
    
  67

Originally posted by John Simpson:
It is not the JSESSIONID cookie.

Ah, your original post can be read to mean that it is the jSESSIONID cookie to which you are referring.
John Simpson
Ranch Hand

Joined: Nov 28, 2005
Posts: 30
My apologies, that is not what I meant to imply. The cookie I am trying to remove is created by an application with a maxAge of -1. And despite my best efforts its maxAge stays at -1.
[ January 04, 2008: Message edited by: John Simpson ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cookies & ServletFilters on Geronimo