Invalid a session when user makes logout (Spring)

Question

Imagine the user A have multiple logins (are logged in) in diferent machines. When he logs out in one machine, the other sessions should automatically redirect to login page.

how i can implement this in spring security? For now, i have tis http configuration on security.xml

<http auto-config="true" use-expressions="true">
    <anonymous />
    <intercept-url pattern="/login.do" access="permitAll" />
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
    <form-login login-page="/login.do" />
    <logout logout-url="/j_spring_security_logout"
        success-handler-ref="myLogoutSuccessHandler" />
    <remember-me data-source-ref="dataSource" />

</http>

score 4 · Accepted Answer · edited May 23 '17 at 11:52

4

I would recomment you to have a look at SessionRegistry .You can check this here . There has been a discussion on this at Is it possible to invalidate a spring security session? . Check this out too

Spring sessions are stored as JsessionID cookies. Check here for a discussion on cookie removal.

edited May 23 '17 at 11:52

Community

1
1

answered Dec 15 '11 at 11:28

Aravind A

9,507
4
36
45

Invalid a session when user makes logout (Spring)

1 Answers1

Linked