• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Cookies & ServletFilters on Geronimo

 
John Simpson
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Apologies for revisiting a perennial topic but I'm struggling to delete a cookie.
Basically I have a session cookie that I want to access in a servlet filter then delete (expire). The code I'm using looks like this, in the doFilter method of the filter:

This appears to work fine, but the next time the user submits a request, the cookie is still there with a maxAge of -1. I'm using the Geronimo webserver.
Has anyone seen this before, and knows what I'm doing wrong?

Thanks,

John
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I wouldn't mess with the session cookie behind the servlet container's back. Try calling HttpSession.invalidate() instead.
 
John Simpson
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf,

I invalidate the session when the user logs out, but I want to destroy the cookie when they are still in the application.
The cookie is set by an authentication process. I want to use the data in the cookie when the user logs in, then delete the cookie, so that if the user logs out but doesn't close the session window they are forced to log back in (rather than just re-using the old cookie).

Thanks,

John
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65123
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is this a cookie you are setting, or are you talking about the cookie that the container creates to maintain the session?
 
John Simpson
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The cookie is created by an authentication service which I call from the login screen. It is not the JSESSIONID cookie.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65123
91
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by John Simpson:
It is not the JSESSIONID cookie.

Ah, your original post can be read to mean that it is the jSESSIONID cookie to which you are referring.
 
John Simpson
Ranch Hand
Posts: 30
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
My apologies, that is not what I meant to imply. The cookie I am trying to remove is created by an application with a maxAge of -1. And despite my best efforts its maxAge stays at -1.
[ January 04, 2008: Message edited by: John Simpson ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic