  1. How to invalidate users' sessions when a user logs out?
<p>I spent a lot of time trying to solve this problem, yet still couldn't get it to work.</p>
<p>I am using Spring Security. The application will run on multiple servers. I use the option "remember me" on login to save persistent logins in my database.</p>
<p>If a user is connected to server 1, he has a session id in the browser cookies. I turn on another server and this user authenticates, and the browser cookies have this session id and the session id of the server 1 connection.</p>
<p>When this user logs out on one server or another, he should be redirected to the login page on all servers.</p>
<p>I tried to remove cookies from the browser without success. How can I make this work? Any help?</p>
<p>Example scenario: In Gmail, if you have 2 tabs open in your account and you log out from one of them, the other tab automatically logs out too. Server 1 doesn't know the information of server 2. I think my problem is here but I don't know how I can solve this.</p>
<p>This is my security config:</p>
<pre><code>&lt;http auto-config="false" use-expressions="true" disable-url-rewriting="true"&gt;
    &lt;intercept-url pattern="/login.do" access="permitAll" /&gt;
    &lt;intercept-url pattern="/**" access="hasRole('ROLE_USER')" /&gt;
    &lt;remember-me data-source-ref="dataSource" /&gt;
    &lt;form-login login-page="/login.do" /&gt;
    &lt;custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /&gt;
    &lt;custom-filter position="LOGOUT_FILTER" ref="logoutFilter" /&gt;
    &lt;session-management session-authentication-strategy-ref="sas" /&gt;
&lt;/http&gt;

&lt;!-- &lt;logout logout-url="/j_spring_security_logout" logout-success-url="/" invalidate-session="true" /&gt; --&gt;

&lt;!-- First constructor argument: URL to redirect to after logout; second: the logout handlers to run --&gt;
&lt;beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"&gt;
    &lt;beans:constructor-arg value="/login.do" /&gt;
    &lt;beans:constructor-arg&gt;
        &lt;beans:list&gt;
            &lt;beans:ref bean="rememberMeServices"/&gt;
            &lt;beans:ref bean="logoutHandler"/&gt;
        &lt;/beans:list&gt;
    &lt;/beans:constructor-arg&gt;
    &lt;!-- &lt;beans:property name="filterProcessesUrl" value="/login.do" /&gt; --&gt;
&lt;/beans:bean&gt;

&lt;!-- SessionRegistryImpl keeps its session information in the memory of this JVM only --&gt;
&lt;beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /&gt;

&lt;beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"&gt;
    &lt;beans:property name="sessionRegistry" ref="sessionRegistry" /&gt;
    &lt;beans:property name="expiredUrl" value="/login.do" /&gt;
&lt;/beans:bean&gt;

&lt;beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"&gt;
    &lt;beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /&gt;
    &lt;beans:property name="maximumSessions" value="1" /&gt;
&lt;/beans:bean&gt;

&lt;authentication-manager alias="authenticationManager"&gt;
    &lt;authentication-provider user-service-ref="jdbcUserService" /&gt;
&lt;/authentication-manager&gt;
</code></pre>
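<p>The situation described in the question (each server keeps its own session registry, so a logout on one is invisible to the other), modelled in plain Java as an added example that is not part of the original post and is not Spring Security code. <code>SessionStore</code>, <code>Node</code> and the session ids are hypothetical names; the shared store stands in for a database or replicated session store, which is an assumption.</p>

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Plain-JDK model, not Spring Security code: Node and SessionStore are hypothetical names.
public class ClusterLogoutDemo {

    /** Maps session id -> username; stands in for a per-server or a shared session registry. */
    static final class SessionStore {
        private final Map<String, String> sessions = new ConcurrentHashMap<>();

        void register(String sessionId, String user) { sessions.put(sessionId, user); }

        boolean isValid(String sessionId) { return sessions.containsKey(sessionId); }

        /** Logout removes every session of the user, not only the one that sent the request. */
        void invalidateUser(String user) { sessions.values().removeIf(user::equals); }
    }

    /** One application server; it can only see the store it was given. */
    static final class Node {
        private final SessionStore store;
        Node(SessionStore store) { this.store = store; }
        void login(String sessionId, String user) { store.register(sessionId, user); }
        void logout(String user) { store.invalidateUser(user); }
        boolean accepts(String sessionId) { return store.isValid(sessionId); }
    }

    /** Logs alice in on both nodes, logs her out on the first, then asks the second about her cookie. */
    static boolean secondNodeStillAccepts(Node first, Node second) {
        first.login("sid-server1", "alice");   // constructed sample session ids
        second.login("sid-server2", "alice");
        first.logout("alice");
        return second.accepts("sid-server2");
    }

    public static void main(String[] args) {
        // Isolated: each server has its own in-memory registry, as in the question's setup.
        boolean isolated = secondNodeStillAccepts(new Node(new SessionStore()), new Node(new SessionStore()));

        // Shared: both servers consult one store (assumption: a database or replicated session store).
        SessionStore shared = new SessionStore();
        boolean clustered = secondNodeStillAccepts(new Node(shared), new Node(shared));

        System.out.println("isolated registries, session survives logout: " + isolated);
        System.out.println("shared store, session survives logout: " + clustered);
    }
}
```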
 
