Browser cookie session doesn�t get deleted

I have a web application which uses user browser cookie to perform Single-Sign-On after user�s login to the system. I�m experiencing a problem lately that user session stays with old user even after he do a logout or close the browser. I remember that if the expiry is not set the cookie stays only till the life of the browser, right? I�m using http Cookie class to set the cookie token and cookie name/value.

The problem solves when the users manually got to IE option and delete the cookies and temp files. Then if he login it works fine.

Is there a way to get around this problem? We experience this happening not with all users, but with some of them (most of XP users). Is there a specific thing need to be done on my JSP or some configuration to be set on end-user�s machine? We cant say each users of same machine to go each time to go to IE options and do the clear process. Please advice. Any input on this is appreciated.

Did you try Cookie.setMaxAge() with a negative value ?

Thanks Satou,

But by default the value is -1 right? Do you think this is the problem? Since this problem is not faced by all users, i suspect what might be the cause of this behaviour?

But by default the value is -1 right?

Oh, that's right.

Do you have access to the machine of those users ?
You could check the lifetime of the cookie to make sure it is set to "end of session". (with Firefox's Cookie window for example)

By the way, those users all use the same browser ?