Hi Christopher,

Thank you for your answer. I've monitored the values of the cookies with the server running in debug mode, and the cookie values were set to the new values.
I'm not sure what the effect of invalidating the session and setting new cookie values is. I think invalidating the session tells the server that this session should be invalidated, and setting the cookies to new values tells the client browser to set the new values on the cookies. That is what I think, and I'm not sure whether I am right or wrong?!

Why I attempt to delete the cookie from the client's machine: that is a requirement from my designer, and I don't know why and I don't need to know (I've asked why before....).

The redirection is a complicated linking flow, and I'm sure it works properly, because it was working well after I changed the logout URL path. Why we redirect from the main site to the second site and finally redirect back to the main site: that is because we want both sites to clean up their own cookies when logout is requested.

Now, I still don't know why I must change the logout URL path (the URL path of the cookie modifier) to be the same as the login URL path (the URL path of the cookie creator) when I go through the main site to the second site, and they are on the same host but with different server port numbers. But if I just open a new browser and request the second site's logout URL (with a different URL path), then the cookies of the second site can be expired by this request!

Best regards,
Bon

Christopher Schultz-2 wrote:
>
> Bon,
>
> Bon wrote:
>> the logout Servlet will do something as following:
>> 1. set the cookies maxAge to 0 and add them into response again.
>>    cookie.setMaxAge(0);
>>    response.addCookie(cookie);
>> 2. set the session to invalidate
>>    request.getSession().invalidate();
>> 3. response.sendRedirect(redirectTo); redirectTo is the URL of second
>>    site's logout link.
>> then the client browser will redirect to second site's logout URL,
>> and it is a Struts Action,
>> and this logout Action will do something as following:
>> 1. set the session to invalidate
>> 2. set the cookie maxAge to 0 and add them into response again.
>>    cookies[i].setMaxAge(0);
>>    response.addCookie(cookies[i]);
>> 3. forward to a logout default display page.
>> 4. direct to main site some page by form submit in default logout
>>    display page.
>
> You should check to make sure that new cookies are not replacing the old
> cookies immediately after the invalidate() has been called. Also note
> that calling setMaxAge before calling invalidate() is not particularly
> useful: the cookie is expired when you call session.invalidate() so you
> can clean up your code a bit. Why are you bothering to attempt to delete
> the cookie from the client's machine?
>
>> and I found the cookie of main site was removed but the second
>> site did not!
>
> Are you sure that your redirection is working properly?
>
> I would also look in your cookie cache to see what the details of the
> remaining cookie are. Could you post those?
>
> -chris
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>

--
View this message in context: http://www.nabble.com/a-cookie-question-of-one-Server-with-two-tomcat-server-tp20355052p20414674.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
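
One mechanism consistent with the path behaviour described in this thread, as an added example that is not part of either poster's message or of Tomcat's code: a browser identifies a cookie by name, host and path (RFC 6265), the port is not part of that key, and a Set-Cookie without a Path attribute gets a default path derived from the request URL. The host, cookie name and URL paths below are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Minimal model of a browser cookie store (RFC 6265): a cookie is identified
// by name + host + path. The port is not part of the key.
public class CookieJarDemo {
    private final Map<String, String> jar = new LinkedHashMap<>();

    // RFC 6265 section 5.1.4: path used when Set-Cookie carries no Path attribute.
    static String defaultPath(String requestPath) {
        if (requestPath == null || !requestPath.startsWith("/")) return "/";
        int lastSlash = requestPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestPath.substring(0, lastSlash);
    }

    // Apply one Set-Cookie header. path == null means "no Path attribute",
    // which is what a servlet sends for a Cookie taken from request.getCookies()
    // and re-added without setPath(): the Cookie request header carries no path.
    void setCookie(String host, String requestPath, String name, String value,
                   String path, int maxAge) {
        String effectivePath = (path != null) ? path : defaultPath(requestPath);
        String key = name + "|" + host + "|" + effectivePath;
        if (maxAge == 0) jar.remove(key);   // deletes only an exact name/host/path match
        else jar.put(key, value);           // negative maxAge = session cookie
    }

    boolean has(String host, String path, String name) {
        return jar.containsKey(name + "|" + host + "|" + path);
    }

    public static void main(String[] args) {
        CookieJarDemo browser = new CookieJarDemo();
        String host = "example.test"; // constructed host; every port on it shares this jar

        // Login on the second site (constructed URL path) creates the cookie.
        browser.setCookie(host, "/site2/login/do", "TOKEN", "abc", null, -1);

        // Logout under a different URL path with no Path attribute: no match, cookie stays.
        browser.setCookie(host, "/site2/logout/do", "TOKEN", "", null, 0);
        System.out.println("cookie present after path-less logout: "
                + browser.has(host, "/site2/login", "TOKEN"));

        // Logout that names the creation path explicitly: the cookie is removed.
        browser.setCookie(host, "/site2/logout/do", "TOKEN", "", "/site2/login", 0);
        System.out.println("cookie present after explicit-path logout: "
                + browser.has(host, "/site2/login", "TOKEN"));
    }
}
```

In a servlet, the corresponding change is to call `cookie.setPath(...)` with the path the cookie was created under before `response.addCookie(cookie)`.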