From f84e1d5607bf6e37dfc817378670ffd2b1c4c463 Mon Sep 17 00:00:00 2001 From: MaxKey Date: Mon, 19 Dec 2022 11:40:53 +0800 Subject: [PATCH] mgt logout invalidate http Session --- .../java/org/maxkey/web/contorller/LogoutEndpoint.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java index db80b8920..e3e77b06f 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java @@ -17,10 +17,14 @@ package org.maxkey.web.contorller; +import javax.servlet.http.HttpServletRequest; + import org.maxkey.authn.annotation.CurrentUser; import org.maxkey.authn.session.SessionManager; import org.maxkey.entity.Message; import org.maxkey.entity.UserInfo; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -29,16 +33,20 @@ import org.springframework.web.bind.annotation.RequestMapping; @Controller public class LogoutEndpoint { + private static Logger _logger = LoggerFactory.getLogger(LogoutEndpoint.class); @Autowired protected SessionManager sessionManager; @RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE}) - public ResponseEntity logout(@CurrentUser UserInfo currentUser){ + public ResponseEntity logout(HttpServletRequest request,@CurrentUser UserInfo currentUser){ sessionManager.terminate( currentUser.getSessionId(), currentUser.getId(), currentUser.getUsername()); + //invalidate http session + _logger.debug("/logout invalidate http Session id {}",request.getSession().getId()); + request.getSession().invalidate(); return new Message().buildResponse(); }