Can't remove JSESSIONID

UNCONFIRMED
Unassigned

Status

()

UNCONFIRMED
7 years ago
7 years ago

People

(Reporter: larkvagen, Unassigned)

Tracking

4.0 Branch
All
Other
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

7 years ago
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322)

Steps to reproduce:

Hi

When I log in to my corporates website using SSO and then log out I'm deleting cookies from server side (java).
I use the code 

cookie.setMaxAge(0);
cookie.setValue("");
cookie.setDomain(secureCookieDomain);
cookie.setPath("/");
request.getServletResponse(true).addCookie(cookie);

The above domain and path is correct, and I am in the right domain when trying to delete the JSESSIONID cookie. The domain of JSESSIONID is 3 levels like department.company.com

this works for other cookies and for JSESSIONID in other browsers but not in Firefox 4.01, if I try to log in again the JSESSIONID cookie is still there and has the same value as before and let me in directly, not having the chance to select certificate etc.


Actual results:

I get logged in again


Expected results:

I should have been rejected or get the chance to select a new certificate.
You need to log in before you can comment on or make changes to this bug.