SessionInvalidate for JEE Sessions
The builtin CFML function sessionInvalidate()
works great for invalidating or clearing a ColdFusion session (CFID
/CFTOKEN
). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID
).
You can dip down into the underlying JEE API and invoke the invalidate()
function on the javax.servlet.http.HttpSession
object. Here's how you can do this in CFML:
if (!isNull(getPageContext().getSession())) { getPageContext().getSession().invalidate(); }
We are getting the Java HttpSession
object from the PageContext
object (which we can obtain from the CFML builtin function getPageContext()
). It is possible that getSession()
could return null
if there is no JEE session associated with the current request.
Like this? Follow me ↯
Tweet Follow @pfreitagSessionInvalidate for JEE Sessions was first published on January 22, 2021.
If you like reading about java, session, or j2ee then you might also like:
The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.