Spring Security:如何以编程方式清除“记住我" cookie? [英] Spring Security: How to clear `remember me` cookie programmatically?

问题描述

我在如下所示的Web应用程序中使用注销方法，但是如果我检查remember me，注销将不起作用，因为未清除cookie.如何以编程方式在我的方法中清除此Cookie(或如何使注销方法更好)?

I'm using logout method in web-app like below, but if i check remember me logout doesn't work, because cookie isn't cleared. How to clear programmatically this cookie in my method (or how to make better logout method) ?

public void logout() {
    AnonymousAuthenticationToken anonymous = new AnonymousAuthenticationToken("anonymous", "anonymous", new ArrayList(Arrays.asList(new GrantedAuthorityImpl("ROLE_ANONYMOUS"))));
    SecurityContextHolder.getContext().setAuthentication(anonymous);
}

推荐答案

如果您使用的是标准Spring Security cookie名称(SPRING_SECURITY_REMEMBER_ME_COOKIE)，则可以执行以下操作:

If you are using the standard Spring Security cookie name (which is SPRING_SECURITY_REMEMBER_ME_COOKIE), you can do this:

void cancelCookie(HttpServletRequest request, HttpServletResponse response)
{
  String cookieName = "SPRING_SECURITY_REMEMBER_ME_COOKIE";
  Cookie cookie = new Cookie(cookieName, null);
  cookie.setMaxAge(0);
  cookie.setPath(StringUtils.hasLength(request.getContextPath()) ? request.getContextPath() : "/");
  response.addCookie(cookie);
}

如果您使用的是自定义Cookie名称，则必须更改cookieName值.

You'll have to change the cookieName value if you are using a custom cookie name.

这篇关于Spring Security:如何以编程方式清除“记住我" cookie?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！