jaredready
Reputation: 2698
Spring Security 3.2.2 Logout Redirecting to Wrong Page
I have a logout button created which is set up and works, but it's redirecting to my invalid-session-url for some reason. Relevant bit of the security.xml:
<http use-expressions="true">
<form-login login-page="/login"
login-processing-url="/j_spring_security_check"
default-target-url="/view"
always-use-default-target="true"
authentication-failure-url="/login?redirect=login_error" />
<logout logout-success-url="/login?redirect=logout" delete-cookies="JSESSIONID"/>
<session-management invalid-session-url="/login?redirect=session_timeout" />
<intercept-url pattern="/login" access="isAnonymous()" />
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
Not sure why this is happening. I have my session-timeout in web.xml set to 5.
Upvotes: 0
Views: 414
Answers (1)
Evgeni Dimitrov
Reputation: 22516
When you logout the first thing that Spring Security does is to invalidates the session, so the invalid-session-url is used. You can set invalidate-session="false" on the logout element or remove <session-management invalid-session-url="/login?redirect=session_timeout" />.
Upvotes: 0
Related Questions
- Spring security - Disable logout redirect
- Spring Boot Logout then Login Redirects to Wrong URL
- Spring Security Logout Redirects to Logout Success and then Immediately to Invalid Session Page
- Spring Security Redirection and Logout Issue
- Issue with Spring security's logout
- Spring logout gives 404 error
- spring-security login?logout redirects to login
- Spring Security logout-success-url Not Being Honored
- Spring Security 3.1 redirect after logout
- Why does Spring Security go to last page before logout when I log out and log back in?