Over a million developers have joined DZone.
Platinum Partner

Destroy Cookie while Logging out.

· Web Dev Zone

The Web Dev Zone is brought to you in partnership with Mendix.  Discover how IT departments looking for ways to keep up with demand for business apps has caused a new breed of developers to surface - the Rapid Application Developer.

I was facing a problem where while a person logs out his session is invalidated but the JSESSIONID still remained in the browser. As a result while logging in the Java API used to get the request from the browser along with a JSESSIONID(Just the ID since the session was invalidated) and would create the new session with the same ID. To fix this problem I used the above code so that whenever a user logs out the entire JSESSIONID becomes empty and thus cookie wont exist for that site.Anyone using JAVA can utilize this in their code.

@RequestMapping(value = "/logout", method = RequestMethod.POST)
public void logout(HttpServletRequest request,
HttpServletResponse response) {
/* Getting session and then invalidating it */
HttpSession session = request.getSession(false);
if (request.isRequestedSessionIdValid() && session != null) {

 * This method would edit the cookie information and make JSESSIONID empty
 * while responding to logout. This would further help in order to. This would help
 * to avoid same cookie ID each time a person logs in
 * @param response
private void handleLogOutResponse(HttpServletResponse response) {
Cookie[] cookies = request.getCookies();
for (Cookie cookie : cookies) {

The Web Dev Zone is brought to you in partnership with Mendix.  Learn more about The Essentials of Digital Innovation and how it needs to be at the heart of every organization.

web dev

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}