public void configure(HttpSecurity http) throws Exception {
http.antMatcher("/**").authorizeRequests().anyRequest().hasRole("USER")
.and().formLogin().loginPage("/login.jsp")
.failureUrl("/login.jsp?error=1").loginProcessingUrl("/login")
.permitAll().and().logout().logoutUrl("/logout.jsp").invalidateHttpSession(true).deleteCookies("JSESSIONID")
.logoutSuccessUrl("/listEmployees.html");
}
点击/logout.jso会话时,cookie不会被清除
答案 0 :(得分:0)
在你的注销配置中,删除注销的“.jsp”,试试这个:
logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout")).invalidateHttp...
在您的退出按钮中,只需添加:
href="/logout" (just it)