问题
I am using another webpage that passes the user authentication( AD login ) to WebSphere by URL. When I am logging out I am redirecting towards the log-in page and is already logged in since my session is never closed. I tried a few things to disable the cookie with WebSphere but nothing worked. Is there an easy way to delete the cookies with a java code when I press the log out button? Any help is very appreciated.
回答1:
If you are using WebSphere 8.x you should use servlet 3.0 api and the request.logout() method, before you are doing redirection to the logout page. This method will remove session and authentication cookies.
For older WebSphere versions/ servlet api use the following (deprecated in WAS v8):
try {
WSSecurityHelper.revokeSSOCookies(req, res);
} catch(Exception e) {
...
}
UPDATE
For v7 I'd recommend form-logout.
If you want to logout form application you create the following logout form, or create custom post to the ibm_security_logout you can use logoutExitPage to redirect to desired page after logout:
<h2>Sample Form Logout</h2>
<FORM METHOD=POST ACTION="ibm_security_logout" NAME="logout">
<input type="submit" name="logout" value="Logout">
<INPUT TYPE="HIDDEN" name="logoutExitPage" VALUE="/login.html">
</form>
For more details see Customizing login/logout
If you cannot use this form logout then use the WSSecurityHelper.revokeSSOCookies(req, res) as shown above in your servlet.
来源:https://stackoverflow.com/questions/27466797/erase-cookie-in-websphere-how-to-log-out