Spring Security: delete cookie on logout
I use the following security configuration for my Spring Boot application:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .and()
            .authorizeRequests()
                .antMatchers("/signup").permitAll()
                .and()
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true)
                .and()
            // We filter the api/signup requests
            .addFilterBefore(
                new JWTSignupFilter("/signup", authenticationManager(),
                    accountRepository, passwordEncoder),
                UsernamePasswordAuthenticationFilter.class)
            // We filter the api/login requests
            .addFilterBefore(
                new JWTLoginFilter("/login", authenticationManager()),
                UsernamePasswordAuthenticationFilter.class)
            // And filter other requests to check the presence of JWT in
            // header
            .addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
                UsernamePasswordAuthenticationFilter.class);
    }
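When I log out, I want to delete the cookie that was set at login. I use deleteCookie, but nothing in the headers indicates deletion of the cookie that was set during login. Why?
How do I tell the browser to delete the cookie?
Right now, the response headers contain: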
Set-Cookie →JSESSIONID=E4060381B435217F7D68EAAE82903BB0;path=/;Secure;HttpOnly
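Should I set the cookie's expiration time to a date earlier than the current date?
How is 'JSESSIONID' used on the client side? Does the client explicitly include it in the headers of every request? –
Cookies are automatically sent as a header in the request. – ThrawnCA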
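A browser drops a cookie when it receives a Set-Cookie header with the same name and the same Path (and Domain) whose Max-Age is 0 or whose Expires date is in the past; a mismatch in Path leaves the original cookie in place. The handler below is an added example, not code from the original post or from Spring Security: the class name ExpireCookieLogoutHandler is hypothetical, and the path "/" in the usage comment is an assumption about how the login filter issued auth_code.

```java
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.logout.LogoutHandler;

/**
 * Added example (hypothetical class): expires the named cookies on logout.
 *
 * Registration, assuming auth_code was issued with Path=/ :
 *   .logout().logoutUrl("/logout")
 *       .addLogoutHandler(new ExpireCookieLogoutHandler("/", "auth_code"))
 */
public class ExpireCookieLogoutHandler implements LogoutHandler {

    // Must equal the Path attribute the cookie was originally set with,
    // otherwise the browser treats this as a different cookie.
    private final String path;
    private final String[] names;

    public ExpireCookieLogoutHandler(String path, String... names) {
        this.path = path;
        this.names = names.clone();
    }

    @Override
    public void logout(HttpServletRequest request, HttpServletResponse response,
                       Authentication authentication) {
        // authentication may be null when no user is logged in; it is not needed here.
        for (String name : names) {
            Cookie expired = new Cookie(name, ""); // empty value: nothing left to leak
            expired.setPath(path);
            expired.setMaxAge(0);                  // Max-Age=0 tells the browser to delete it now
            expired.setHttpOnly(true);
            expired.setSecure(request.isSecure()); // keep Secure on HTTPS requests
            response.addCookie(expired);
        }
    }
}
```

To check the result, look at the logout response (before following the redirect to /login) for a Set-Cookie line naming auth_code with Max-Age=0 and the expected Path.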