Closed GoogleCodeExporter closed 9 years ago
If this enhancement is ever added, I think that it should not call a
parameterized "logoutURL", but it should call an action like
"httpRequest.getSession().invalidate()".
This is simpler: no parameter added and no dependency on specific URL like
"j_spring_security_logout". And the result is probably the same.
And this logout "button" has no reason to be displayed when
httpRequest.getSession(false) returns null.
Original comment by evernat@free.fr
on 4 Jan 2013 at 4:37
I agree that httpRequest.getSession().invalidate() is better than nothing.
Spring security provide a logout URL because we can add many handler on the
logout action.
For example, on logout, we add a redirection to the login page.
So just "close the session" prevent this redirection.
So i prefer to parametrize the exit URL.
Original comment by lastm...@yahoo.fr
on 7 Jan 2013 at 10:27
A logout action, with session.invalidate(), is now added in the menu in the
floating menu on the right of the main report, if there is a http session
(revision 3859, for the next release 1.52).
So I think that this issue is fixed.
After logging out the http://localhost:8080/monitoring is called again. I
suppose that when there is no http session anymore to display the monitoring
page, then a redirect to the login page could happen.
Original comment by evernat@free.fr
on 29 Jul 2014 at 7:48
Original issue reported on code.google.com by
lastm...@yahoo.fr
on 4 Jan 2013 at 3:03