You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Mike Peremsky <mp...@yahoo.com> on 2007/06/01 15:48:26 UTC

Cookie Rookie - cannot delete session cookie

I am pretty new to cookies and am having an issue. I create a cookie in my servlet and write it to the response to last the lifetime of the session (duration = -1). When the user clicks the logout button I find the cookie, reset the duration to 0 then re-add the cookie to the response. But when I look at the browser cookies the cookie is still there and is listed as a cookie lasting the lifetime of the session. From what I read in the API there is nothing to directly remove a cookie from a session, I can only write it with a duration of 0. So, why is the cookie still in the session? How can I get rid of it?
   
  TIA
   
  - Mike

 	      
---------------------------------
Park yourself in front of a world of choices in alternative vehicles.
Visit the Yahoo! Auto Green Center.

Re: Cookie Rookie - cannot delete session cookie

Posted by ben short <be...@benshort.co.uk>.

Hi,

To delete a cookie you have to set its max age to 0.

Calling invalidate on the httpsession will delete the cookie that
holds the session id, wont it? request.getSession().invalidate()

Ben


On 6/1/07, Tim Funk <fu...@joedog.org> wrote:
> There is nothing in the servelt api to explicitly delete the session cookie.
>
>
> -Tim
>
> Mike Peremsky wrote:
> > I am pretty new to cookies and am having an issue. I create a cookie in my servlet and write it to the response to last the lifetime of the session (duration = -1). When the user clicks the logout button I find the cookie, reset the duration to 0 then re-add the cookie to the response. But when I look at the browser cookies the cookie is still there and is listed as a cookie lasting the lifetime of the session. From what I read in the API there is nothing to directly remove a cookie from a session, I can only write it with a duration of 0. So, why is the cookie still in the session? How can I get rid of it?
> >
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Cookie Rookie - cannot delete session cookie

Posted by Tim Funk <fu...@joedog.org>.

Most likely you are using a JSP and unless you have page session='false' 
- a session (and new cookie of the same name) will be created on the 
next request.

-Tim

Mike Peremsky wrote:
> Yes, but why is it not being deleted when I get the cookie (request.getCookies()), then reset the duration to 0 (cookie.setMaxAge(0)) and re-add it to the response (response.addCookie(cookie))
> 
> Tim Funk <fu...@joedog.org> wrote:   There is nothing in the servelt api to explicitly delete the session cookie.
> 
> 
> -Tim
> 
> Mike Peremsky wrote:
>> I am pretty new to cookies and am having an issue. I create a cookie in my servlet and write it to the response to last the lifetime of the session (duration = -1). When the user clicks the logout button I find the cookie, reset the duration to 0 then re-add the cookie to the response. But when I look at the browser cookies the cookie is still there and is listed as a cookie lasting the lifetime of the session. From what I read in the API there is nothing to directly remove a cookie from a session, I can only write it with a duration of 0. So, why is the cookie still in the session? How can I get rid of it?
>>

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Cookie Rookie - cannot delete session cookie

Posted by Mike Peremsky <mp...@yahoo.com>.

Yes, but why is it not being deleted when I get the cookie (request.getCookies()), then reset the duration to 0 (cookie.setMaxAge(0)) and re-add it to the response (response.addCookie(cookie))

Tim Funk <fu...@joedog.org> wrote:   There is nothing in the servelt api to explicitly delete the session cookie.


-Tim

Mike Peremsky wrote:
> I am pretty new to cookies and am having an issue. I create a cookie in my servlet and write it to the response to last the lifetime of the session (duration = -1). When the user clicks the logout button I find the cookie, reset the duration to 0 then re-add the cookie to the response. But when I look at the browser cookies the cookie is still there and is listed as a cookie lasting the lifetime of the session. From what I read in the API there is nothing to directly remove a cookie from a session, I can only write it with a duration of 0. So, why is the cookie still in the session? How can I get rid of it?
> 

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



       
---------------------------------
Be a better Globetrotter. Get better travel answers from someone who knows.
Yahoo! Answers - Check it out.

Re: Cookie Rookie - cannot delete session cookie

Posted by Tim Funk <fu...@joedog.org>.

There is nothing in the servelt api to explicitly delete the session cookie.


-Tim

Mike Peremsky wrote:
> I am pretty new to cookies and am having an issue. I create a cookie in my servlet and write it to the response to last the lifetime of the session (duration = -1). When the user clicks the logout button I find the cookie, reset the duration to 0 then re-add the cookie to the response. But when I look at the browser cookies the cookie is still there and is listed as a cookie lasting the lifetime of the session. From what I read in the API there is nothing to directly remove a cookie from a session, I can only write it with a duration of 0. So, why is the cookie still in the session? How can I get rid of it?
>    

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Cookie Rookie - cannot delete session cookie

Posted by Martin Gainty <mg...@hotmail.com>.

Mike-

I dont see the attribute 'duration' with either accessor or mutator
the attribute maxAge which when set to -1 will delete the cookie
Take a look at
http://java.sun.com/products/servlet/2.2/javadoc/javax/servlet/http/Cookie.html
javax.servlet.http.Cookie.setMaxAge(-1);

HTH/
M--
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed.  If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.

----- Original Message ----- 
From: "Mike Peremsky" <mp...@yahoo.com>
To: <us...@tomcat.apache.org>
Sent: Friday, June 01, 2007 9:48 AM
Subject: Cookie Rookie - cannot delete session cookie


>I am pretty new to cookies and am having an issue. I create a cookie in my 
>servlet and write it to the response to last the lifetime of the session 
>(duration = -1). When the user clicks the logout button I find the cookie, 
>reset the duration to 0 then re-add the cookie to the response. But when I 
>look at the browser cookies the cookie is still there and is listed as a 
>cookie lasting the lifetime of the session. From what I read in the API 
>there is nothing to directly remove a cookie from a session, I can only 
>write it with a duration of 0. So, why is the cookie still in the session? 
>How can I get rid of it?
>
>  TIA
>
>  - Mike
>
>
> ---------------------------------
> Park yourself in front of a world of choices in alternative vehicles.
> Visit the Yahoo! Auto Green Center. 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Cookie Rookie - cannot delete session cookie

Posted by Mike Peremsky <mp...@yahoo.com>.

Ding!
   
  Thanks to all who repsonded. I had already implemented all that everyone else had suggested, but the one item I overlooked was resetting the path in the remove method of my cookie class to match when it was created.
   
  Thanks you for making my friday A LOT brighter!

Torgeir Veimo <to...@pobox.com> wrote:
  
On 1 Jun 2007, at 14:48, Mike Peremsky wrote:

> I am pretty new to cookies and am having an issue. I create a 
> cookie in my servlet and write it to the response to last the 
> lifetime of the session (duration = -1). When the user clicks the 
> logout button I find the cookie, reset the duration to 0 then re- 
> add the cookie to the response. But when I look at the browser 
> cookies the cookie is still there and is listed as a cookie lasting 
> the lifetime of the session. From what I read in the API there is 
> nothing to directly remove a cookie from a session, I can only 
> write it with a duration of 0. So, why is the cookie still in the 
> session? How can I get rid of it?

Did you make sure the cookie you reset is using the correct path? The 
path has to match, not only the domain.

-- 
Torgeir Veimo
torgeir@pobox.com




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org



       
---------------------------------
Choose the right car based on your needs.  Check out Yahoo! Autos new Car Finder tool.

Re: Cookie Rookie - cannot delete session cookie

Posted by Torgeir Veimo <to...@pobox.com>.

On 1 Jun 2007, at 14:48, Mike Peremsky wrote:

> I am pretty new to cookies and am having an issue. I create a  
> cookie in my servlet and write it to the response to last the  
> lifetime of the session (duration = -1). When the user clicks the  
> logout button I find the cookie, reset the duration to 0 then re- 
> add the cookie to the response. But when I look at the browser  
> cookies the cookie is still there and is listed as a cookie lasting  
> the lifetime of the session. From what I read in the API there is  
> nothing to directly remove a cookie from a session, I can only  
> write it with a duration of 0. So, why is the cookie still in the  
> session? How can I get rid of it?

Did you make sure the cookie you reset is using the correct path? The  
path has to match, not only the domain.

-- 
Torgeir Veimo
torgeir@pobox.com




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org