Reputation: 1213
How save cookie JSESSIONID in browser (spring)?
i am develop an web app and in the authentication i need to delete the cookie JSESSIONID after a user makes logout.
Imagine this situation, i have multiple servers with the same war deployed and the user A make login in the the diferent servers.
When one of connected makes logout, other all should makes logout too. Soo, i need to remove all cookies to can do it (i think this will work).
thanks
Upvotes: 0
Views: 1147
Answers (2)
Reputation: 160191
Even if you remove the cookie, a new one will be created as soon as another JSP is hit (unless explicitly configured to not create a session).
Rather than relying on the presence of a session, use an object in the session to determine if a user is logged in or not.
Just invalidate the session. Don't worry about the session cookie, or you'll need to retrofit all your JSP pages that don't require a login to not create a session, and remember to do that in perpetuity.
Upvotes: 2
Reputation: 31280
Rather than removing all of the cookies from the clients, you need to instead invalidate that cookie server-side. Basically, you are expiring their session server-side, which means that they will get a new cookie sent to them if they re-connect.
Upvotes: 1
Related Questions
- How to remove JSESSIONID from cookies?
- How to set cookie domain and path with Spring boot
- Remove JSESSIONID cookie from Spring Application
- how to refresh JSESSIONID cookie after login
- spring - configure domain for JSESSIONID cookie
- Updating JSESSIONID cookie value
- how to set JSESSIONID cookie as secure using Spring security 2 and Apache Tomcat 7 setting
- How to have a custom cookie name in spring security
- Can't remove JSESSIONID cookie
- How to persist a cookie?