grails / grails-spring-security-cas

Apache License 2.0

Single Signout issue/question #13

Open dubininss opened 8 years ago

dubininss commented 8 years ago

I've configured CAS and several services. Everything is okay except one feature: single logout. When a user goes to /logout on a service, he is logged out of that service and redirected to CAS. After that, CAS sends POST requests to all registered services (those which have been authenticated), where the request is handled by `org.jasig.cas.client.session.SingleSignOutFilter`, which calls the `destroySession` method of `org.jasig.cas.client.session.SingleSignOutHandler`. In that method we find the session by token and call `session.invalidate()`. Looks good, but it doesn't log the user out of the other services he is authenticated on. He will still be authenticated on the services where he didn't call /logout. It seems we need to do something else with the Spring Security session, but I'm not sure what exactly. Probably we need to remove the session information in the SessionRegistry, like: `sessionRegistry.removeSessionInformation(sessionId);` But if so, I'm a little confused why it's not implemented. Could you please clarify how to deal with this situation? And if I understand things wrong, please correct me if possible. Thanks in advance!
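The back-channel flow described in the post above, modelled as an added example; it is not part of the thread and is not the CAS client's or the plugin's code. The `SessionIndex` element is the one carried in the CAS protocol's logout request; the class name `SloModel`, its fields, and the ticket and session values are hypothetical, and the two sets stand in for the container's sessions and Spring Security's `SessionRegistry`.

```java
import java.io.StringReader;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Simplified model of back-channel single logout on one service node (added example).
public class SloModel {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Service ticket -> local session id, recorded when the ticket is validated at login.
    final Map<String, String> ticketToSession = new ConcurrentHashMap<>();
    // Stand-ins for the container's live sessions and for Spring Security's SessionRegistry.
    final Set<String> liveSessions = ConcurrentHashMap.newKeySet();
    final Set<String> registry = ConcurrentHashMap.newKeySet();

    void login(String ticket, String sessionId) {
        ticketToSession.put(ticket, sessionId);
        liveSessions.add(sessionId);
        registry.add(sessionId);
    }

    // Extract SessionIndex from the logoutRequest body; DOCTYPE is refused to block XXE.
    static String sessionIndex(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList n = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                      .getElementsByTagNameNS(SAMLP, "SessionIndex");
        return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
    }

    // Returns true only if a session mapped to the ticket was found and torn down.
    boolean handleLogoutRequest(String xml) throws Exception {
        String ticket = sessionIndex(xml);
        String sessionId = ticket == null ? null : ticketToSession.remove(ticket);
        if (sessionId == null) return false;   // unknown ticket: this node has nothing to invalidate
        liveSessions.remove(sessionId);        // models session.invalidate()
        registry.remove(sessionId);            // models sessionRegistry.removeSessionInformation(sessionId)
        return true;
    }

    public static void main(String[] args) throws Exception {
        SloModel svc = new SloModel();
        svc.login("ST-1-constructed", "JSESSION-A");   // constructed sample values
        String req = "<samlp:LogoutRequest xmlns:samlp=\"" + SAMLP + "\"><samlp:SessionIndex>ST-1-constructed</samlp:SessionIndex></samlp:LogoutRequest>";
        System.out.println(svc.handleLogoutRequest(req));   // ticket known to this node
        System.out.println(svc.handleLogoutRequest(req));   // same request again: mapping already gone
        System.out.println(svc.liveSessions.isEmpty() && svc.registry.isEmpty());
    }
}
```

The `false` branch is the case worth logging on a real service: a logout POST whose ticket maps to no local session leaves any session for that user on another node untouched.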

flparedes commented 7 years ago

I had a similar issue (can't really log out the user) and, after reading several blogs, pages and tutorials, found that to log out a user you must use "logoff" instead of "logout".

This is the logout code I used in my webapp and hope it helps:

`

` Good luck.