Immediate signing in after logout causes redirection to home page

  • Immediate signing in after logout causes redirection to home page

    I have a common login and logout screen. When I log out after signing in, I come to the sign-in page. The default behavior of Spring Security invalidates the session on logout, so if I try to sign in using the same screen, I get redirected to the home page as there is no session available at that point. The desired behavior is to be able to sign in immediately after sign-out, which is not happening due to session invalidation.

    Code:
    <http use-expressions="true" access-denied-page="/access-denied">
        <intercept-url pattern="/secured/user/sign-up" access="hasAnyRole('ROLE_USER','ROLE_ANONYMOUS')" />
        <intercept-url pattern="/secured/user/sign-in" access="hasRole('ROLE_ANONYMOUS')" />
        <intercept-url pattern="/secured/**" requires-channel="https" />
        <intercept-url pattern="/user/dashboard/**" access="hasAnyRole('ROLE_IC')" />
        <intercept-url pattern="/**" access="permitAll"
            requires-channel="http" />
        <form-login login-page="/secured/user/sign-in" 
            authentication-success-handler-ref="authenticationSuccessHandler"
            authentication-failure-url="/secured/user/sign-in" />
        <logout logout-success-url="/secured/user/sign-in?loggedout=true"
            logout-url="/secured/logout"/>
        <security:session-management
            session-fixation-protection="none">
        </security:session-management>
    </http>
    If you refer to the XML, you will see /secured/user/sign-in is used for both sign-in and sign-out.

    How can I handle this issue?
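
Added example, not part of the original post: the posted configuration sets session-fixation-protection="none", so Spring Security keeps the pre-login session ID after authentication. The fragment below shows that setting beside a hardened one, using the URLs from the post; it assumes the security namespace is the default XML namespace (as the unprefixed http element in the post implies) and that the container's session cookie is named JSESSIONID.

```xml
<!-- As posted (weak): the session ID that existed before login stays valid
     after authentication, so an ID known to a third party before sign-in
     identifies the authenticated session afterwards. -->
<session-management session-fixation-protection="none" />

<!-- Hardened: Spring Security creates a fresh session when the user
     authenticates.
       migrateSession  new session, existing attributes copied across
       newSession      new session, attributes from the old one not copied -->
<session-management session-fixation-protection="migrateSession" />

<!-- Logout with the URLs from the post. invalidate-session="true" is the
     default and is written out here for clarity. delete-cookies needs
     Spring Security 3.1 or later; JSESSIONID is an assumed cookie name. -->
<logout logout-url="/secured/logout"
        logout-success-url="/secured/user/sign-in?loggedout=true"
        invalidate-session="true"
        delete-cookies="JSESSIONID" />
```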

  • #2
    This just sounds like the expected behaviour. Are you really sure that you don't want the session invalidated when the user logs out?



    • #3
      Yes, I want the session to be invalidated, but I also want Spring to create a new session and authenticate on the next request. The problem here is that after sign-out I am unable to sign in. This works fine if I refresh the browser and sign in, as a new session gets created and Spring is able to authenticate.



      • #4
        There doesn't need to be a session in order to authenticate. One will be created as necessary.
