Has anyone had any success with invalidating a session and removing the JSESSIONID cookie from the users browser (without requiring the user to close their browser)? I've tried using "session.invalidate()" with no success. I've also tried resetting the JSESSIONID cookie setting the time to expire as 0 (cookie.setMaxAge(0)) with no success.
Anyone had luck with this?