I'm migrating a big app from jboss as to wildfly 9, and I think I may have found a bug.

I have a logout method, this method invalidates the session, remove all cookies and redirect to /.

I also have a filter that checks for a cookie with the api token and authenticates the user if the cookie is present.

In jboss, it worked. I log out, the cookies are all removed, I go to /, filter run, there are no cookies, I see the login page.

In wildfly, the cookies continue to exist, so I'm logged in again.

Any tips on that? Is there anything I could change?

The code that removes the cookies is:

Cookie[] cookies = request.getCookies();
  for (int i = 0; i < cookies.length; i++) {
    cookies[i].setValue( null );
    cookies[i].setPath( "/" );
    cookies[i].setMaxAge( 0 );
    response.addCookie( cookies[i] );
}
request.logout();
request.getSession().invalidate();

Am I doing anything wrong?

Are there any changes on Undertow on how it works related to jboss web?