Saurabh Kumar
Reputation: 16651
how to delete remember me cookie in spring security
I was wondering how to the remove the remember me cookie when using spring remember me services. I am using the default remember me cookie name I came across the following documentation in spring to delete the JSESSION.
<http>
<logout delete-cookies="JSESSIONID" />
</http>
But is it possible to do something like below to delete the remember me cookie as well
I don't have a logout controller and i have the following configuration in the spring xml.
<http use-expressions="true">
<!-- Authentication policy -->
<form-login login-page="/signin" login-processing-url="/signin/authenticate" authentication-failure-url="/signin?param.error=bad_credentials" />
<logout logout-url="/signout" delete-cookies="JSESSIONID" />
....................
Upvotes: 2
Views: 3791
Answers (1)
zagyi
Reputation: 17518
I don't think you have to manually delete the remember-me cookie. The AbstractRememberMeServices implements the LogoutHandler interface, so it will receive a call-back from the LogoutFilter, and makes sure the remember-me cookie is cancelled on logout.
Upvotes: 1
Related Questions
- Spring security: Delete cookie for logout
- Spring Security "Remember Me" cookie gets deleted on browser closed event
- if session deleted, remember-me cookie is also deleted
- Spring security change remember me cookie name
- Spring Security CookieTheftException
- Spring security: remember-me cookie is created in the browser but password is not saving
- Spring security 'remember me' cookie not avaiable in first request
- How to use Remember me in spring security for custom authentication
- Spring Security: How to clear `remember me` cookie programmatically?
- How cancel a cookie in spring security?