So, I'm trying to determine if this is an error or browser caching, or if I miss something, but when I log out, I can access any page that I accessed earlier. I even have an ajax call for the rest destination, and when I call, I type the answer and get 200 ok.
Now, if I exit, it returns to the login page with invalid session url parameters. So it looks like it is trying to delete the session, plus if I close the browser completely, and not just the tab, I can no longer access the pages that I had access to before. But if I do not close the browser, I can access any pages that I have already accessed, pages that I have not accessed, send me to the login page. This makes me wonder if there is a problem in the browser cache, but 200ok at the request of ajax makes me doubt it.
Spring-Security version 3.1.0
Here is my configuration to exit the system.
<logout invalidate-session="true" logout-success-url="/login-page.html?logout=true"
logout-url="/j_spring_security_logout" />
<session-management invalid-session-url="/login-page.html?session=invalid">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
in web.xml I added this listener
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
UPDATE
This is really a browser cache problem, so to fix this I added xml to DispatcherServlet
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
<property name="cacheSeconds" value="0" />
</bean>
META
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
.