Remove Cookie inside HttpSessionListener

I have a situation where I need to create a cookie when the session is created, and when the session is deleted I have to delete the cookie. When the user manually logs out, I can delete the cookie in the doGet method of the logout servlet. But when the session ends, I cannot do this, so I plan to use the HttpSessionListener for this, but I have seen somewhere that we cannot do this. Is there any other way than the one mentioned here?



1 answer


Indeed, how do you delete a cookie when you don't have access to the user?!?!

The only solution is to set the realtime cookie time to the exact time of your cookie session (1 hour is the default).

For every request you need to set a cookie with an updated time (current_timestamp + '1 hour'); it will tell the browser to save the cookie for the next 1 hour.

Apart from the cookie, you need to check the integrity of the cookie and the session. Just keep track of the integrity of the cookie with the session (maybe a hash); it helps you when the user tries to trick your server by providing cookie A from user A as the user of session B.

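The approach described in the answer above, written as a servlet filter. This is an added example, not code from the original post; it assumes the javax.servlet API, and the cookie name SESSION_TAG and the use of HMAC-SHA256 for the answer's "maybe a hash" are choices made here.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.IOException;
import java.security.*;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: re-issues the cookie on every request and ties it to the session id.
public class SessionBoundCookieFilter implements Filter {
    private static final String COOKIE_NAME = "SESSION_TAG"; // hypothetical cookie name
    private final byte[] key = new byte[32]; // per-node key (assumption); share it in a cluster
    @Override public void init(FilterConfig cfg) { new SecureRandom().nextBytes(key); }
    @Override public void destroy() { }
    private String tagFor(String sessionId) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(mac.doFinal(sessionId.getBytes(UTF_8)));
    }
    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false); // never create a session here
        if (session != null) {
            String expected;
            try { expected = tagFor(session.getId()); }
            catch (GeneralSecurityException e) { throw new ServletException(e); }
            Cookie[] cookies = req.getCookies();
            for (Cookie c : cookies == null ? new Cookie[0] : cookies) {
                // Constant-time compare: a tag issued for another session is rejected.
                if (COOKIE_NAME.equals(c.getName()) && !MessageDigest.isEqual(
                        c.getValue().getBytes(UTF_8), expected.getBytes(UTF_8))) {
                    session.invalidate();
                    res.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return;
                }
            }
            Cookie fresh = new Cookie(COOKIE_NAME, expected);
            int ttl = session.getMaxInactiveInterval(); // seconds; <= 0 means "never times out"
            fresh.setMaxAge(ttl > 0 ? ttl : -1); // expire with the session, else browser-session cookie
            fresh.setHttpOnly(true); fresh.setSecure(true);
            fresh.setPath("/");
            res.addCookie(fresh);
        }
        chain.doFilter(req, res);
    }
}
```

If the application calls changeSessionId() at login, it has to re-issue the cookie in that same response, otherwise the next request carries a tag for the old id and is rejected.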






