Thursday 1 August 2019

How to delete a cookie

Naively, the code looks like this:

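Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
if (cookies != null) {
    for (Cookie cookie : cookies) {
        if (StringUtils.equalsIgnoreCase(cookie.getName(), "cookie-name")) {
            cookie.setValue("");
            cookie.setMaxAge(0); // 0 tells the browser to expire the cookie immediately
            response.addCookie(cookie);
        }
    }
}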

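Unfortunately, it doesn't work, because a cookie is identified by its name, domain, and path. But we don't change the domain or path, do we? Actually, the browser sends only name=value pairs in the HTTP Cookie request header.

The other attributes (secure, domain, path, expiration) are only available on cookies that we set into the response ourselves. They are used to create the Set-Cookie response headers.

Therefore cookie.getDomain() and cookie.getPath() always return null for cookies read from the request, so the Set-Cookie header produced by the naive code carries neither attribute and the browser applies its defaults instead of the values the cookie was stored with.

The solution is to explicitly set the domain and path, matching the values the cookie was created with: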


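Cookie[] cookies = request.getCookies(); // null when the request carries no cookies
if (cookies != null) {
    for (Cookie cookie : cookies) {
        if (StringUtils.equalsIgnoreCase(cookie.getName(), "cookie-name")) {
            // The request does not carry these attributes, so restore them by hand
            cookie.setDomain("localhost");
            cookie.setPath("/");
            cookie.setValue("");
            cookie.setMaxAge(0);
            response.addCookie(cookie);
        }
    }
}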
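
Why the naive version fails, shown with a simplified model of the browser's cookie store (an added example, not code from the original post). The host example.test, the request paths /app/login and /app/logout, and the class and method names are constructed for illustration; domain matching is reduced to string equality, and the default-path rule follows RFC 6265 section 5.1.4.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration: simplified model of a browser cookie store (RFC 6265).
public class CookieJarDemo {
    // Cookies are stored under name + domain + path, not under name alone.
    private final Map<String, String> store = new LinkedHashMap<>();

    // Path the browser assumes when Set-Cookie has no Path attribute.
    static String defaultPath(String requestPath) {
        if (requestPath == null || !requestPath.startsWith("/")) return "/";
        int lastSlash = requestPath.lastIndexOf('/');
        return lastSlash == 0 ? "/" : requestPath.substring(0, lastSlash);
    }

    // Apply one Set-Cookie header; a null domain or path means the attribute was absent.
    void setCookie(String host, String requestPath, String name, String value,
                   String domain, String path, int maxAge) {
        String d = (domain != null) ? domain : host;
        String p = (path != null) ? path : defaultPath(requestPath);
        String key = name + ";" + d + ";" + p;
        if (maxAge == 0) {
            store.remove(key); // expires only the entry with the identical key
        } else {
            store.put(key, value);
        }
    }

    boolean has(String name, String domain, String path) {
        return store.containsKey(name + ";" + domain + ";" + path);
    }

    public static void main(String[] args) {
        CookieJarDemo jar = new CookieJarDemo();
        // Constructed scenario: the login page sets the cookie with Path=/.
        jar.setCookie("example.test", "/app/login", "cookie-name", "abc", "example.test", "/", -1);
        // Naive delete from /app/logout: no Domain, no Path, so the path defaults to /app.
        jar.setCookie("example.test", "/app/logout", "cookie-name", "", null, null, 0);
        System.out.println("still stored after naive delete:    " + jar.has("cookie-name", "example.test", "/"));
        // Explicit delete with the original domain and path.
        jar.setCookie("example.test", "/app/logout", "cookie-name", "", "example.test", "/", 0);
        System.out.println("still stored after explicit delete: " + jar.has("cookie-name", "example.test", "/"));
    }
}
```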
