1 Reply Latest reply: May 14, 2013 6:00 AM by MukeshSPatil RSS

    Unable to delete JSESSIONID cookie from ADF application

    MukeshSPatil
      Hi all

      I have a ADF application where i am using Logout button with action in managed bean. I want to delete the JSESSIONID cookie after logout.
      The logout bean is invalding the session and deleting the cookies. See code below.

      However code is not deleting the JSESSIONID cookie. I can see the cookie still exist in browser. Tester can use "back" button of browser and can see the user is still logged in application.

      How can delete JESSIONID cookie permanetly after logout action ? Am i missing some thing in code ? I am uing JDeveloper 11.1.1.5.0

      Mukesh

      =======
      public String AfterLogOut_action() {
      FacesContext fctx = FacesContext.getCurrentInstance();
      ExternalContext ectx = fctx.getExternalContext();
      String url = ectx.getRequestContextPath() + "/adfAuthentication?logout=true&end_url=/login.html";
      HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
      HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
      HttpSession session = (HttpSession)ectx.getSession(false);

      // Step 1 : delete the cookies

      if (request.getCookies() != null) {    
      for (Cookie cookie : request.getCookies()) {
      cookie.setMaxAge(0);
      cookie.setPath("/");
      response.addCookie(cookie);
      }
      }
      // Step 2 : Invalidate the session
      try {
      session.invalidate();
      ectx.redirect(url);
      } catch (IOException e) {
      e.printStackTrace();
      }
      fctx.responseComplete();
      return null;
      }

      ==========

      Edited by: Mukesh S Patil on May 11, 2013 5:44 PM