GetCookies from javax.servlet.http.HttpSessionEvent?

W

web_dev2013-10-16 16:26:22

Java

web_dev, 2013-10-16 16:26:22

Hello, in one project need to remove JSESSIONID in "sessionDestroyed".
But I don’t understand how I can get cookies from javax.servlet.http.HttpSessionEvent.
It is clear that it was possible to design a bit differently before, but now this is exactly the question.
Thanks for the ideas and solutions.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir Smirnov, 2013-10-21
@bobzer

Not sure where to delete?
You can get the JSESSIONID value like this:
HttpSessionEvent.getSession().getId()
Cookies are a client object, respectively, they exist only when exchanging data with the client. Therefore, you can find out cookies from the request sent from the client (browser), and you can change them in the response to the client. The destruction of the session, and accordingly the sessionDestroyed event, in many cases occurs without any participation of the client, for example, the web server "kills" the session by timeout, so there is no access to cookies.

B

Boris Vanin, 2013-11-20
@fogone

I can confuse something, but JSESSIONID must be removed by the container and after that it is just called public void sessionDestroyed(HttpSessionEvent se). Of course, working with a session cookie directly is a bad idea, you need to call session invalidation: HttpSession.invalidate(), especially since you can change cookies in any way only by sending them to the user in HttpServletRespons, which means that sessionDestroyedchanging the cookie will not work. (unless, of course, we take into account the method with saving the response to the threadlocal - you can't be sure about the context of the call sessionDestroyed)