How cancel a cookie in spring security?

Question

i am using spring security for authentication and if i have 2 servers (server1, server2) using the same file war.

the User A make login in server 1, saving data on persistent_logins table. If the user A makes refresh on server 2, is automatically logged. This is correct but if the u*ser A (server1)* makes logout, the data of table persistent_logins is removed and the user A(server 2) when makes refresh, still connect.

What i can do to user A(server 2) change to logout mode?

thanks

score 2 · Accepted Answer · answered Dec 13 '11 at 15:32

2

If you know how to catch the moment when you need to make user_A log out, you may consider using filters and clearing the current session.

public void doFilter(ServletRequest request, ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    // skip non-http requests
    if (!(request instanceof HttpServletRequest)) {
        chain.doFilter(request, response);
        return;
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    httpRequest.getSession().invalidate();
    ...

If you need to inject some beans using spring, you may have a look at DelegatingFilterProxy

answered Dec 13 '11 at 15:32

Alexey Grigorev

2,415
28
47

can you explain me better what i can do? i am new with spring – Vítor Nóbrega Dec 13 '11 at 17:38
Of course. Create a class which implements Filter interface. Declare it in your web.xml. And that's actually all. – Alexey Grigorev Dec 13 '11 at 21:16
Similar to my answer for http://stackoverflow.com/questions/8478188/is-it-possible-to-invalidate-a-spring-security-session/8480164#8480164 – sourcedelica Dec 13 '11 at 22:19

score 1 · Answer 2 · answered Dec 13 '11 at 14:57

1

The easiest solution update data on both server when user logout

answered Dec 13 '11 at 14:57

nidhin

6,661
6
32
50

How cancel a cookie in spring security?

2 Answers2