I hope someone may be able to provide some insight or a solution to a problem we encountered after I upgraded from Tomcat 6 to 8. We're using Tomcat as the servlet container for our Shibboleth IdP SSO, which we use to authenticate to Google Apps. Google allows you to configure a URL used for logout. We have this pointed at a logout.jsp page that basically does the following (excerpted code cribbed from the shibboleth-users list):
<https://groups.google.com/forum/#!msg/shibboleth-users/CFkau-FHCsA/yx7KRO9xMCoJ> --------------------- Cookie c; c = new Cookie("JSESSIONID", null); c.setPath("/idp"); c.setMaxAge(0); response.addCookie(c); c = new Cookie("_idp_session", null); c.setPath("/idp"); c.setMaxAge(0); response.addCookie(c); session.invalidate(); --------------------- This was working until I upgraded from Tomcat 6 to Tomcat 8. Since then, the cookies no longer seem to get wiped. Users are still logged in if they revist any of the Google Apps. Any suggestions or pointers on how to get this working again would be most appreciated. Aloha, -baron -- Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org