Bon,

Bon wrote:
> the logout Servlet will do something as follows:
>     1. set the cookies maxAge to 0 and add them into response again.
>       cookie.setMaxAge(0);
>       response.addCookie(cookie);
>     2. set the session to invalidate
>       request.getSession().invalidate();
>     3. response.sendRedirect(redirectTo); redirectTo is the URL of second
> site's logout link.
>     then the client browser will redirect to second site's logout URL, and
> it is a Struts Action,
>     and this logout Action will do something as follows:
>     1.  set the session to invalidate
>     2.  set the cookie maxAge to 0 and add them into response again.
>       cookies[i].setMaxAge(0);
>       response.addCookie(cookies[i]);
>     3.  forward to a logout default display page.
>     4.  direct to main site some page by form submit in default logout
> display page.

You should check to make sure that new cookies are not replacing the old
cookies immediately after the invalidate() has been called. Also note
that calling setMaxAge before calling invalidate() is not particularly
useful: the cookie is expired when you call session.invalidate() so you
can clean up your code a bit. Why are you bothering to attempt to delete
the cookie from the client's machine?

>     and I found the cookie of main site was removed but the second site
> did not!

Are you sure that your redirection is working properly?

I would also look in your cookie cache to see what the details of the
remaining cookie are. Could you post those?

-chris
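
An added example, not code from this thread: a logout servlet that invalidates the session and then expires a cookie built with an explicit path, then redirects to a fixed logout URL. Cookie objects returned by request.getCookies() carry only a name and value, and a browser discards a stored cookie only when the expiring Set-Cookie matches its name, domain and path, which is why the details of the remaining cookie matter. The class name, cookie name, cookie path and redirect URL are placeholder assumptions.

```java
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class LogoutServlet extends HttpServlet {

    // Assumed placeholder values: use the name and path the cookie was created with.
    private static final String COOKIE_NAME = "exampleAuth";
    private static final String COOKIE_PATH = "/";
    // Fixed target, so the redirect cannot be steered by a request parameter.
    private static final String NEXT_LOGOUT_URL = "https://second-site.example/logout.do";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // getSession(false) avoids creating a session only to invalidate it.
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }

        expireCookie(response, COOKIE_NAME, COOKIE_PATH, null);
        response.sendRedirect(NEXT_LOGOUT_URL);
    }

    /**
     * Sends a deletion Set-Cookie whose scope matches the original cookie.
     * Pass null for domain if the cookie was set without a Domain attribute.
     */
    static void expireCookie(HttpServletResponse response, String name,
                             String path, String domain) {
        // Build a fresh cookie instead of reusing one from request.getCookies():
        // those objects have no path or domain, so the browser would apply its
        // default path (derived from the request URL) and may not match the original.
        Cookie expired = new Cookie(name, "");
        expired.setPath(path);
        if (domain != null) {
            expired.setDomain(domain);
        }
        expired.setMaxAge(0); // 0 asks the browser to delete the cookie
        response.addCookie(expired);
    }
}
```

Each site can only expire cookies in its own domain, so the second site's logout Action needs the same treatment with its own cookie name and path.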
