Request in sessionDestroyed of HttpSessionListener

Hi All,
I am having the below problem...Can someone suggest a way to solve it ?

We have a cookie set when any user logs in on our site..
What i want to do is, when the session expires ie. it is idle for some time, i would like to delete the cookie which i am creating on login.
I tried with HttpSesionListener, sessionDestroyed (), but there is no request object in it to destroy the cookie..
Can any one have some other way to delete the cookie ??

Waiting for some response....Thanks in advance...
Ashish.

set the max age to zero by using setMaxAge(0).


-Raju

ya tht is fine but I want to do that only on my session getting expired...how do i come to kno when session expires

Hi Ashish.

Store the cookie set in application scope. During session invalidation, container/server calls the HttpSessionListener's sessionDestroyed(HttpSessionEvent se) method. In that method provide, void sessionDestroyed(HttpSessionEvent se){ HttpSession session=se.getSession(); ServletContext application=session.getServletContext(); //Here get cookie set attribute, that was set earlier. //After make it to unreference (point it to null). }
Then it will be garbage Collected.

i would like to delete the cookie which i am creating on login.

You can only change the cookies stored on the user's browser when processing a response which goes to the browser.

There is no way you can reach out in cyberspace and delete that cookie if the user isn't talking to you.

Time to rethink your problem. Do a search for rfc2965 to get the API which governs cookies.

Bill

William Brogden wrote:

i would like to delete the cookie which i am creating on login.

You can only change the cookies stored on the user's browser when processing a response which goes to the browser.

There is no way you can reach out in cyberspace and delete that cookie if the user isn't talking to you.

Time to rethink your problem. Do a search for rfc2965 to get the API which governs cookies.

Bill

Bill,

Your point is very valid but the problem mentioned also seems to be a very practical problem, so what do you or other suggest the solution for this kind of a problem.

Thanks,
Rahul

Don't use cookies to determine if the user is logged in or not. Use the session.