Invalidating session in spring
After successful login, I have updated the user with this access token granted. When I logged in with the same username and password, in the background, I searched for the user and checked if there was any existing access token associated with him.Anyone know why the Security Context would still be in session after closing the browser?I'm not using remember me but the below cookies are being written.We have specified here that when the logout action completes, the user should be redirected to Well you could put a sign out link on your page yes, but what should the URL be ?
This is the logout fragment: As seen, Spring invalidated the HTTP Session.
The client’s state should never be stored anywhere in the Server. Well, in my case, I had a requirement like this, “The user X must have single active session or in another words he can log in only at one place (browser or whatever). As I am already using Oauth2 access token to access protected resources, I can use this access token as kind of session ID. Authentication Exception; import org.springframework.security.oauth2.config.configuration. Enable Resource Server; import org.springframework.security.oauth2.config.configuration. Resource Server Configurer Adapter; import org.springframework.security.oauth2.config.configurers.