Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
  • How to invalidate a spring security session?

    • 0
    • 3
    • 0
    • 2
    • 0
    • 0
    • 0
    • 0
    • 14.5k
    Comment on it

    To invalidate spring security session you need to follow below steps:

      1. Add Logout configuration in your applicationContext-security.xml file

    Set logout-success-url attribute to /login.jsp. After logout user will be redirected to this page.

    <beans:beans xmlns=""
           <http entry-point-ref="authenticationProcessingFilterEntryPoint">
            <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
            <logout logout-success-url="/login.jsp" />
            <beans:bean id="authenticationProcessingFilterEntryPoint" class="">
            <beans:property name="loginFormUrl" value="/login.jsp" />
            <beans:property name="forceHttps" value="false"/>
        <beans:bean id="authenticationProcessingFilter" class="">
            <custom-filter position="AUTHENTICATION_PROCESSING_FILTER "/>
            <beans:property name="authenticationManager" ref="authenticationManager" />
            <beans:property name="filterProcessesUrl">
                  <user name="srccodes" password="password" authorities="ROLE_USER" />
      2. Now create a class and define the code as described below to invalidate session:
        public class SessionUtils {
            public static void logout(HttpServletRequest request) {
                HttpSession hs = request.getSession();
                Enumeration e = hs.getAttributeNames();
                while (e.hasMoreElements()) {
                    String attr = e.nextElement();
                    hs.setAttribute(attr, null);
            public static void removeCookies(HttpServletRequest request) {
                Cookie[] cookies = request.getCookies();
                if (cookies != null && cookies.length > 0) {
                    for (int i = 0; i < cookies.length; i++) {
      3. Now on click of your logout button call the below function:

    Hope this will help you :)

 0 Comment(s)

Sign In

Sign up using

Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: