Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Destroy Cookie while Logging out.

DZone's Guide to

Destroy Cookie while Logging out.

· Web Dev Zone
Free Resource

Get deep insight into Node.js applications with real-time metrics, CPU profiling, and heap snapshots with N|Solid from NodeSource. Learn more.

I was facing a problem where while a person logs out his session is invalidated but the JSESSIONID still remained in the browser. As a result while logging in the Java API used to get the request from the browser along with a JSESSIONID(Just the ID since the session was invalidated) and would create the new session with the same ID. To fix this problem I used the above code so that whenever a user logs out the entire JSESSIONID becomes empty and thus cookie wont exist for that site.Anyone using JAVA can utilize this in their code.

@RequestMapping(value = "/logout", method = RequestMethod.POST)
public void logout(HttpServletRequest request,
HttpServletResponse response) {
/* Getting session and then invalidating it */
HttpSession session = request.getSession(false);
if (request.isRequestedSessionIdValid() && session != null) {
session.invalidate();
}
handleLogOutResponse(response);
}

/**
 * This method would edit the cookie information and make JSESSIONID empty
 * while responding to logout. This would further help in order to. This would help
 * to avoid same cookie ID each time a person logs in
 * @param response
 */
private void handleLogOutResponse(HttpServletResponse response) {
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {
cookie.setMaxAge(0);
cookie.setValue(null);
cookie.setPath("/");
response.addCookie(cookie);
}
}

Node.js application metrics sent directly to any statsd-compliant system. Get N|Solid

Topics:
web dev

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}