0

I am using Webflow 2.3.0.RELEASE and Spring 3.1.2.RELEASE with Spring security and Freemarker. It all works well except that when I logout the session is not destroyed.

e.g. when I click the logout link on the screen, I can see the logout screen successfully with url like this:

http://localhost/mart/adminflow.html;jsessionid=855454DFGDFG54501DSF548036?execution=e1s1

If I copy this url and paste into a new window, it just works with me still logged in.

I am not too sure what code to share, but I can share.

Any advice/

Thanks

UPDATE 1:

The logout link :

<a class="link_a" href="../j_spring_security_logout">

Security config:

<security:global-method-security secured-annotations="enabled" />

<bean id="preAuthenticatedProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />

<security:http use-expressions="true" auto-config="false" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint"> 
      <security:custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter" /> 
      <security:logout logout-success-url="logout.htm?_eventId=logout" /> 
      <security:session-management invalid-session-url="logout.htm?_eventId=logout" /> 
</security:http>
4

0 回答 0