Spring Security: Redirect to invalid-session-url instead of logout-success-url on successful logout


Problem description

I have implemented a login-logout system with Spring Security 3.0.2, everything is fine but for this one thing: after I added a session-management tag with invalid-session-url attribute, on logout Spring would always redirect me to the invalid-session-url instead of the logout-success-url (which it correctly did before).

Is there a way to avoid this behaviour?

Here is my configuration:

<http use-expressions="true" auto-config="true">
        [...some intercept-url's...]

    <form-login login-page="/login" authentication-failure-url="/login?error=true"
            login-processing-url="/login-submit" default-target-url="/home"
            always-use-default-target="true" />

    <logout logout-success-url="/home?logout=true" logout-url="/login-logout" />

    <session-management invalid-session-url="/home?invalid=true" />
</http>

Thanks a lot.

Recommended answer

By default, the logout process will first invalidate the session, hence triggering the session management to redirect to the invalid session page. Specifying invalidate-session="false" will fix this behavior.

<sec:logout logout-success-url="/logout" invalidate-session="false" 
delete-cookies="JSESSIONID" />
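
An alternative to the setting above, as an added example that is not part of the original answer: it keeps the default session invalidation on logout and removes only the stale cookie that triggers the invalid-session check. It assumes Spring Security 3.1 or later, where the `delete-cookies` attribute on `<logout>` is available, and reuses the URLs from the question's configuration.

```xml
<http use-expressions="true" auto-config="true">
    <!-- intercept-url and form-login elements unchanged from the question -->

    <!--
      invalidate-session is left at its default (true), so the server-side
      session and everything stored in it are destroyed at logout.
      delete-cookies expires the JSESSIONID cookie in the logout response, so
      the redirect to logout-success-url no longer presents the id of the
      session that was just invalidated.
    -->
    <logout logout-url="/login-logout"
            logout-success-url="/home?logout=true"
            delete-cookies="JSESSIONID" />

    <!--
      Still fires for requests that carry a session id the container no
      longer recognises, for example after a timeout.
    -->
    <session-management invalid-session-url="/home?invalid=true" />
</http>
```

Cookie deletion depends on the cookie path matching the one the servlet container set, so check in the target container that the logout response really expires JSESSIONID. With `invalidate-session="false"` the session object and its attributes outlive the logout, which is the trade-off this variant avoids.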
