Spring Security Logout session is not invalidated

后端未结

关注

 2  605

执笔经年 2021-01-27 00:02

I tried almost everything I could find on StackOverflow and elsewhere to make this working and this still does not work. I am using Spring Framework 4.1.6.RELEASE, Spring Securi

2条回答

南方客 (楼主)

2021-01-27 00:36

Update 2015-04-23 14:37:00 SOLVED

My problem is solved. Since I sent via ajax a POST to logout, I received the url where I am supposed to point my browser from my success logout handler. I have to manually point the browser to this location from my javascript with the window.location.href = new_url.

Update 2015-04-23 15:55:00 follow up

Note: I have to put this into a separated answer since I reached the limit of characters in a single post.

Here is a snippet of my javascript code to post via ajax requesting the logout:

    $('#deconnexion').click(function(event) {
        // Envoyer la requête
        var csrfToken = $("meta[name='_csrf']").attr("content");
        var csrfHeader = $("meta[name='_csrf_header']").attr("content");
        var csrf_header = { };
        csrf_header[csrfHeader] = csrfToken;
        $.ajax({
            headers: csrf_header,
            url: 'deconnexion',
            processData: false,
            type: "POST",
            contentType: "text/xml",
            dataType: "text",
            success: function(data, textStatus, xhr) {
            /* */
                console.log("Etat rapporté: " + xhr.status);
                console.log("Données: " + data);
                console.log("Etat description: " + textStatus);
                console.log("reponseText: " + xhr.responseText);
                console.log("URL redirection: " + xhr.getResponseHeader("Location"));
            /*  */
                //window.location.href = xhr.getResponseHeader("Location");
            },
            error: function(xhr, textStatus, thrownError) {
            /*
                console.log("Etat rapporté: " + xhr.status);
                console.log("Erreur description: " + thrownError);
                console.log("Etat description: " + textStatus);
                console.log("reponseText: " + xhr.responseText);
                */
                window.location.href = xhr.getResponseHeader("Location");
            }
        });
    });

I haven't yet tested the error conditions. In the script the window.location.href is commented for the test.

Here are the screenshots:

logout headers in firebug answer to the logout request

If there is something that can be done to let the browser and AJAX do the job, I am interested to know how I can do this.

0 讨论(0)

查看其它2个回答