Details
Details
Assignee
Pothys - MitrahSoft
Pothys - MitrahSoftReporter
Zac Spitzer
Zac SpitzerLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Fix versions
Priority
Created 29 January 2021 at 21:37
Updated 27 March 2025 at 05:57
The builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID).
You can dip down into the underlying JEE API and invoke the invalidate() function on the javax.servlet.http.HttpSession object. Here's how you can do this in CFML:
if (!isNull(getPageContext().getSession())) {
getPageContext().getSession().invalidate();
}
We are getting the Java HttpSession object from the PageContext object (which we can obtain from the CFML builtin function getPageContext()). It is possible that getSession() could return null if there is no JEE session associated with the current request
https://www.petefreitag.com/item/913.cfm