我正在使用spring security logout来实现注销。我的弹簧配置是
<http auto-config="true" use-expressions="true" entry-point-ref="customLoginUrlAuthenticationEntryPoint" disable-url-rewriting="true">
<logout success-handler-ref="logoutSuccessHandler" invalidate-session="true" delete-cookies="JSESSIONID,Helix"/>
</http>
我已经通过覆盖onLogoutSuccess方法实现了这个LogoutSuccessHandler(实现了SimpleUrlLogoutSuccessHandler),其中我正在做
response.setHeader("pragma", "no-cache");
response.setHeader("Cache-control", "no-cache, no-store, must-revalidate");
response.setHeader("Expires", "0");
response.sendRedirect(request.getContextPath()+"/DEP/loginHelix";
问题是,一旦我退出并且浏览器退回,我登陆登录后输入的页面。浏览器不应该工作.JSESSIONID cookie也不会被删除。