我用下面的安全配置我的春节,启动应用程序:春季安全:删除cookie中注销
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login").permitAll()
.and()
.authorizeRequests()
.antMatchers("/signup").permitAll()
.and()
.authorizeRequests()
.anyRequest().authenticated()
.and()
.logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true)
.and()
// We filter the api/signup requests
.addFilterBefore(
new JWTSignupFilter("/signup", authenticationManager(),
accountRepository, passwordEncoder),
UsernamePasswordAuthenticationFilter.class)
// We filter the api/login requests
.addFilterBefore(
new JWTLoginFilter("/login", authenticationManager()),
UsernamePasswordAuthenticationFilter.class)
// And filter other requests to check the presence of JWT in
// header
.addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
UsernamePasswordAuthenticationFilter.class);
}
当我注销,我想删除这是在登录时设置cookie。我使用deleteCookie
,但在标题中没有删除在登录期间设置的cookie的概念。为什么?
我该如何告诉浏览器删除cookie?
眼下,该响应的头部包含:
Set-Cookie →JSESSIONID=E4060381B435217F7D68EAAE82903BB0;path=/;Secure;HttpOnly
我应该设置过期时间的cookie来的日期早于当前日期?
在客户端使用'JSESSIONID'如何?客户端是否明确将其包含在每个请求的标题中? –
Cookie会自动作为请求中的标题发送。 – ThrawnCA