How to log out automatically with Spring Security

I have a spring web application and I did user authentication using Spring security.

Everything works well. Log in and Log out works perfect!

Now, I want to implement in order to log out automatically. For example, if user has a window opened for about 30 minutes and do nothing (Sessions expired for instance) system should log out automatically. How can I implement this?

It might be implemented by client side (I send requests every 1 minutes and check if session is ended). But can’t I do this automatically from Spring?

I have this config:

<http auto-config="true" use-expressions="true">

        <intercept-url pattern="/admin**" />
        <access-denied-handler error-page="/403" />

        <form-login login-page="/login" 
            password-parameter="PASSWORD"  />

        <logout invalidate-session="true" 


and in web.xml


after 1 minute, I see that session was destroyed. kill the session after 1 minute. but page was not redirected to /login?logout


How about to use security configuration.?? I hope below config: will work.


 --namespace-> xmlns:security=""

        <security:logout invalidate-session="true"
                        logout-url="/logout.html" />



And them, you need to write your own because success-handler-ref=”Logout” is custom handler for logout:
Logout @Component

public class Logout extends SimpleUrlLogoutSuccessHandler {

    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {

        if (authentication != null) {
            // do something 

        super.onLogoutSuccess(request, response, authentication);       

Leave a Reply

Your email address will not be published. Required fields are marked *