Spring Security:成功注销后,重定向到invalid-session-url而不是logout-success-url [英] Spring Security: Redirect to invalid-session-url instead of logout-success-url on successful logout
问题描述
我已经用Spring Security 3.0.2实现了一个登录注销系统,但是一切都很好,但是就这一点:在我添加了带有invalid-session-url属性的会话管理标签之后,在注销时Spring总是会重定向我在invalid-session-url上,而不是在logout-success-url上(之前正确做过).
I have implemented a login-logout system with Spring Security 3.0.2, everything is fine but for this one thing: after I added a session-management tag with invalid-session-url attribute, on logout Spring would always redirect me on the invalid-session-url instead of the logout-success-url (which it correctly did before).
有办法避免这种行为吗?
Is there a way to avoid this behaviour?
这是我的配置:
<http use-expressions="true" auto-config="true">
[...some intercept-url's...]
<form-login login-page="/login" authentication-failure-url="/login?error=true"
login-processing-url="/login-submit" default-target-url="/home"
always-use-default-target="true" />
<logout logout-success-url="/home?logout=true" logout-url="/login-logout" />
<session-management invalid-session-url="/home?invalid=true" />
</http>
非常感谢.
推荐答案
默认情况下,注销过程将首先使会话无效,从而触发会话管理重定向到无效的会话页面.通过指定invalidate-session ="false"将解决此问题.
By default, the logout process will first invalidate the session, hence triggering the session management to redirect to the invalid session page. By specifying invalidate-session="false" will fix this behavior.
<sec:logout logout-success-url="/logout" invalidate-session="false"
delete-cookies="JSESSIONID" />
这篇关于Spring Security:成功注销后,重定向到invalid-session-url而不是logout-success-url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!