We logged in to the application and now we can access the content as per the role. Once we complete our browsing, it's time to leave the application. However, we cannot leave the application just by closing the browser as it's unsafe. We have to log out safely from the application. The standard configuration to configure logout in <http>
is shown in the following configuration:
<security:logout logout-success-url="name_of_page_to_redirect" delete-cookies="delete_cookies_or_not" invalidate-session="invalidate_the_session_or_not"/>
The attributes used in the configuration are as follows:
- logout-success-url: This is the name of the page where the user will redirect
- delete-cookies: This is the value that specifies to delete the cookies saved to the client or not after logging out
- invalidate-session: This is the attribute used to invalidate the session after logging out
/logout
is the end of one browsing process, which provides the information to the framework that the user...