Important Notice - Forums is archived
To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.
Logout with TouchKit and persistent cookies
We provide a Logout button in our ToucKit application which does HttpSession#invalidate(). This does not work well with persistent session cookies that were added in the latest version. Persistent session cookies are great as they allow the app to be closed and reopened on iOS without losing the session. However when a session is invalidated, the old JSESSIONID cookie stays valid. This disables any other login as long as the cookie is valid. When another login is performed, a new JSESSIONID is allocated and a second JSESSIONID cookie is created. Both cookies are being sent to the server and the old one wins and the new session cannot be joined. Is this a bug or is there a better way to implement logout?