我正在使用spring security logout来实现logout。我的spring配置是
<http auto-config="true" use-expressions="true" entry-point-ref="customLoginUrlAuthenticationEntryPoint" disable-url-rewriting="true">
<logout success-handler-ref="logoutSuccessHandler" invalidate-session="true" delete-cookies="JSESSIONID,Helix"/>
</http>
我已经通过覆盖 onLogoutSuccess 方法实现了这个 LogoutSuccessHandler(implements SimpleUrlLogoutSuccessHandler) 并且我正在做
response.setHeader("pragma", "no-cache");
response.setHeader("Cache-control", "no-cache, no-store, must-revalidate");
response.setHeader("Expires", "0");
response.sendRedirect(request.getContextPath()+"/DEP/loginHelix";
问题是,一旦我注销并返回浏览器,我就会登陆登录后输入的页面。浏览器返回不应该工作。JSESSIONID cookie 也没有被删除。