I hope someone may be able to provide some insight or a solution to a
problem we encountered after I upgraded from Tomcat 6 to 8. We're using
Tomcat as the servlet container for our Shibboleth IdP SSO, which we use
to authenticate to Google Apps. Google allows you to configure a URL used
for logout. We have this pointed at a logout.jsp page that basically does
the following (excerpted code cribbed from the shibboleth-users list):

<https://groups.google.com/forum/#!msg/shibboleth-users/CFkau-FHCsA/yx7KRO9xMCoJ>
---------------------
Cookie c;

c = new Cookie("JSESSIONID", null);
c.setPath("/idp");
c.setMaxAge(0);
response.addCookie(c);

c = new Cookie("_idp_session", null);
c.setPath("/idp");
c.setMaxAge(0);
response.addCookie(c);

session.invalidate();
---------------------

This was working until I upgraded from Tomcat 6 to Tomcat 8. Since then,
the cookies no longer seem to get wiped. Users are still logged in if
they revist any of the Google Apps.

Any suggestions or pointers on how to get this working again would
be most appreciated.

Aloha,
-baron
-- 
Baron Fujimoto <ba...@hawaii.edu> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to