I would like to revoke JSESSION id when user logout from my application. In the current scenario IE 9 passes the same jsession id while IE 8 passes a different jsession id once the user logout/login back.
Is there any IBM specific API which can revoke or delete the JSESSION ID from server? I have tried various options to resolve this but still not able to resolve
Option 1: Expire JSESSION Cookie. It works on local server but it fails on server because of the following the property HttpSessionIdReuse set at the server side.
Option 2: Expire LTPAToken Cookie.
Option 3. invalidating ibm session com.ibm.websphere.servlet.session.IBMSession ibmSession
Option 4: Tried to change HTTP cookie by using apache HTTP library.
HttpClient httpclient = new DefaultHttpClient();
// Create a local instance of cookie store
CookieStore cookieStore = new BasicCookieStore();