Reasons why cookies are always unavailable for immediate removal
The project is used to springsecurity2.0; The purpose is permission management and order login.
The cookie is of course a single sign-on.
Our own implementation of the single sign-on, is to write the filter, and then fill in the user information and authentication information into a cookie, this time to fill in this cookie domain and path;
Without checking the rememberme, it is possible to return to the login interface after exiting. Then I fill out the tick rememberme and set the cookie time to two weeks. However, I found that the cookie cannot be cleared after exiting, and I filled out the following code in the Exit method:
Cookie cookie = new Cookie ("Ssoauthor", null);
Cookie.setmaxage (0);
These two pieces of code are seen from other blogs. The discovery is not good, perhaps they did not verify on their own reproduced it.
Then I found out the first missing Response.addcookie (cookie);
Added after the discovery still can't delete, make my head is big, find a day more, finally found, is the code write problem, because the cookie is the domain and path. So a cookie with the same name as a direct new may not be able to replace the original cookie. So you can only add the previous domain and path. The implementation is as follows:
Cookie cookie = new Cookie ("Ssoauthor", null);
Cookie.setmaxage (0);
Cookie.setdomain (Cookiedomain);
Cookie.setpath (Cookiepath);
Response.addcookie (cookie);
This will really remove the previous cookie ...