Spring Security:成功注销时重定向到 invalid-session-url 而不是 logout-success-url [英] Spring Security: Redirect to invalid-session-url instead of logout-success-url on successful logout
问题描述
我已经使用 Spring Security 3.0.2 实现了一个登录-注销系统,一切都很好,但是对于这一件事:在我添加了一个具有 invalid-session-url 属性的会话管理标签后,在注销时 Spring 总是会重定向我在 invalid-session-url 而不是 logout-success-url (它之前正确地做了).
I have implemented a login-logout system with Spring Security 3.0.2, everything is fine but for this one thing: after I added a session-management tag with invalid-session-url attribute, on logout Spring would always redirect me on the invalid-session-url instead of the logout-success-url (which it correctly did before).
有没有办法避免这种行为?
Is there a way to avoid this behaviour?
这是我的配置:
<http use-expressions="true" auto-config="true">
[...some intercept-url's...]
<form-login login-page="/login" authentication-failure-url="/login?error=true"
login-processing-url="/login-submit" default-target-url="/home"
always-use-default-target="true" />
<logout logout-success-url="/home?logout=true" logout-url="/login-logout" />
<session-management invalid-session-url="/home?invalid=true" />
</http>
非常感谢.
推荐答案
默认情况下,注销过程会先使会话失效,从而触发会话管理重定向到无效会话页面.通过指定 invalidate-session="false" 将修复此行为.
By default, the logout process will first invalidate the session, hence triggering the session management to redirect to the invalid session page. By specifying invalidate-session="false" will fix this behavior.
<sec:logout logout-success-url="/logout" invalidate-session="false"
delete-cookies="JSESSIONID" />
这篇关于Spring Security:成功注销时重定向到 invalid-session-url 而不是 logout-success-url的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!