Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Where to include a web components css file when integrating a third party w by Martin Vyšný, 1 week ago
Recent Posts
Vaadin Forum1. Vaadin Flow - Java

Logout with TouchKit and persistent cookies

Chaléat Philippe
9 years ago May 16, 2012 7:33am

We provide a Logout button in our ToucKit application which does HttpSession#invalidate(). This does not work well with persistent session cookies that were added in the latest version. Persistent session cookies are great as they allow the app to be closed and reopened on iOS without losing the session. However when a session is invalidated, the old JSESSIONID cookie stays valid. This disables any other login as long as the cookie is valid. When another login is performed, a new JSESSIONID is allocated and a second JSESSIONID cookie is created. Both cookies are being sent to the server and the old one wins and the new session cannot be joined. Is this a bug or is there a better way to implement logout?