I have a system which renders a session stored in the HttpSession unusable once the user logs out. All initialisation on the session is performed inside a HttpSessionListener.sessionCreated() method. Further accesses under the same JSESSIONID result in an error detailing that the user must close their browser before logging in again. However, many of our users access the system through phone network proxies which remember their cookies for them. There is no way that I know of to force the proxies to either not cache cookies or to flush the value for a cookie. However, the proxy should understand how to expire a cookie.
Is it possible to set an expires on a JSESSIONID cookie to the current time on a user logout? Will HttpSession.invalidate() do this for me? I need some way to indicate to proxies that they should no longer use the old JSESSIONID cookie value and to replace it with any new value which should come along. Does anyone know how this can be done? I'd rather not reference "JSESSIONID" in my code in case a different value is ever used. thanks, ian. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
