Answer the question
In order to leave comments, you need to log in
GetCookies from javax.servlet.http.HttpSessionEvent?
Hello, in one project need to remove JSESSIONID in "sessionDestroyed".
But I don’t understand how I can get cookies from javax.servlet.http.HttpSessionEvent.
It is clear that it was possible to design a bit differently before, but now this is exactly the question.
Thanks for the ideas and solutions.
Answer the question
In order to leave comments, you need to log in
Not sure where to delete?
You can get the JSESSIONID value like this:
HttpSessionEvent.getSession().getId()
Cookies are a client object, respectively, they exist only when exchanging data with the client. Therefore, you can find out cookies from the request sent from the client (browser), and you can change them in the response to the client. The destruction of the session, and accordingly the sessionDestroyed event, in many cases occurs without any participation of the client, for example, the web server "kills" the session by timeout, so there is no access to cookies.
I can confuse something, but JSESSIONID must be removed by the container and after that it is just called public void sessionDestroyed(HttpSessionEvent se)
. Of course, working with a session cookie directly is a bad idea, you need to call session invalidation: HttpSession.invalidate()
, especially since you can change cookies in any way only by sending them to the user in HttpServletRespons, which means that sessionDestroyed
changing the cookie will not work. (unless, of course, we take into account the method with saving the response to the threadlocal - you can't be sure about the context of the call sessionDestroyed
)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question