I'd like to destroy the application session, but it's a third party application.
So, the solution that I'm using is "cleaning" the cookie by a client side programing Javascript, like this: "javascript:document.cookie = 'cookieName= ; domain=.example.com; path=/';" It's working fine... but i know that it's not so secure. However, at the "casLogoutView.jsp" there is a message emphasizing the importance of closing the browser to ensure the process SSOut. On Friday, January 25, 2013 5:21:02 PM UTC-2, Andrew Morgan wrote: > > On Fri, 25 Jan 2013, Gil Victor Teixeira Pinto wrote: > > > Hi Scott! > > It's true, I can't do that. > > :( > > > > I tried to remove the cookie, but the SingleSignOutFilter does not > continue > > the filterChain: > > > > ... > > Cookie ltpaCookie = new Cookie( cookieName, "" ); > > ltpaCookie.setDomain( cookieDomain ); > > ltpaCookie.setPath( cookiePath ); > > ltpaCookie.setComment( "EXPIRING COOKIE at " + > > System.currentTimeMillis() ); > > ( (HttpServletResponse) servletResponse ).setContentType( > > "text/html" ); > > ( (HttpServletResponse) servletResponse ).addCookie( ltpaCookie > ); > > > > *// filterChain.doFilter( servletRequest, servletResponse ); > > there isn't filter chain to continue.* > > ... > > > > So, without a response to the browser there no way to remove the > cookie... > > Since cookies only exist in web browsers, that makes sense to me. :) > > It sounds to me like what you actually want to do is destroy the user's > application session. > > Andy > > -- > You are currently subscribed to [email protected] <javascript:> as: > [email protected] <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
