Invalidating session in spring


If I clear the cookies then I get a null Security Context after closing and reopening the browser as expected.**cookies:** PREF=ID=00446c4b289785bd: U,315 DEBUG Http Session Security Context Repository:166 - Obtained a valid Security Context from SPRING_SECURITY_CONTEXT: 'org.springframework.context.



After successful login, I have updated the user with this access token granted. When I logged in with the same username and password, in the background, I searched for the user and checked if there was any existing access token associated with him.Anyone know why the Security Context would still be in session after closing the browser?I'm not using remember me but the below cookies are being written.We have specified here that when the logout action completes, the user should be redirected to Well you could put a sign out link on your page yes, but what should the URL be ?

This is the logout fragment: As seen, Spring invalidated the HTTP Session.

The client’s state should never be stored anywhere in the Server. Well, in my case, I had a requirement like this, “The user X must have single active session or in another words he can log in only at one place (browser or whatever). As I am already using Oauth2 access token to access protected resources, I can use this access token as kind of session ID. Authentication Exception; import org.springframework.security.oauth2.config.configuration. Enable Resource Server; import org.springframework.security.oauth2.config.configuration. Resource Server Configurer Adapter; import org.springframework.security.oauth2.config.configurers.