How to delete the sessionid from browser's cookie store

javascript browser sessionid jsessionid
SKing7 picture SKing7 · Apr 26, 2012 · Viewed 11.8k times · Source

I want to logout my web App in browser when click the logout button.And want to implement it just with js code.So,there's no logout servlet. That means,i need to delete the sessionid which is used now and stored in browser memory,but how can I do the same?

Answer

Ramesh picture Ramesh · Apr 26, 2012

  1. All your session cookies should be httpOnly for security reasons. This would ensure the cookies are not accessible in javascript and would reduce the risk in case of XSS attach. Which also means that the cookie cannot be just cleared at client side.

  2. When the user clicks logout, you may be interested in clearing the server side resources. At least for that you should be hitting the server.

With the above being said. I would recommend you make an AJAX call to your servlet and which can clear your cookie as well as free up server side resources allocated for that session.

If you are still not convinced and have to clear the cookie using javascript please refer to SO question delete cookies using javascript

Related questions

How to get the browser to navigate to URL in JavaScript

What is the best (correct, modern, cross-browser, safe) way to get a web browser to navigate to a URL of your choice using JavaScript?

Read More
How can I stop the browser back button using JavaScript?

I am doing an online quiz application in PHP. I want to restrict the user from going back in an exam. I have tried the following script, but it stops my timer. What should I do? The timer is stored …

Read More
How can I tell if a DOM element is visible in the current viewport?

Is there an efficient way to tell if a DOM element (in an HTML document) is currently visible (appears in the viewport)? (The question refers to Firefox.)

Read More