Because the UserInfo servlet is now being used to determine if a user is logged in there is no need to remove the JSESSIONID cookie anymore.
Most browsers seem to regard the actual deletion of cookies as a bad practice anyway (some block it), that is why jetty just sets the id to a not used one when invalidating the session.
Because the UserInfo servlet is now being used to determine if a user is logged in there is no need to remove the JSESSIONID cookie anymore.
Most browsers seem to regard the actual deletion of cookies as a bad practice anyway (some block it), that is why jetty just sets the id to a not used one when invalidating the session.