Spring Security: invalid-session-url versus logout-success-url

spring-security

I am using Spring Security 3.1. Before I added the invalid-session-url attribute of session management, it was correctly redirecting to the logout page. However, after adding invalid-session-url, it redirects to the session expired page even when I click on the logout button.
Also, after the session-timeout period, if I load the login page it redirects to the session expired page.

I have to check for session expiry and redirect the user to the session expired page if the session has expired. However, after using the invalid-session-url tag, it redirects me to the session expired page even in the login and logout scenarios.

In some posts it is advised not to use invalid-session-url. However, I am unable to understand how I would then be able to show the session expired page after an actual session expiry.

Any help will be appreciated.

Best Answer

By default, the logout process will first invalidate the session, hence triggering the session management to redirect to the timeout page. Specifying invalidate-session="false" will fix this behavior.

    <sec:logout logout-success-url="/logout" invalidate-session="false"
                delete-cookies="JSESSIONID" />
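
An alternative arrangement, added here as an example and not part of the original answer: keep the default session invalidation on logout and rely on `delete-cookies` to stop the browser from resubmitting the stale session id, which is what trips the invalid-session check. The `/login` and `/sessionExpired` paths are assumed names; `/logout` is the success URL from the answer.

```xml
<!-- Added example (not from the original answer).
     Assumed names: /login and /sessionExpired. -->
<sec:http use-expressions="true">

    <!-- Pages that must render without an authenticated session,
         otherwise the redirect targets themselves bounce to the login page. -->
    <sec:intercept-url pattern="/login*"          access="permitAll" />
    <sec:intercept-url pattern="/logout*"         access="permitAll" />
    <sec:intercept-url pattern="/sessionExpired*" access="permitAll" />
    <sec:intercept-url pattern="/**"              access="isAuthenticated()" />

    <sec:form-login login-page="/login" />

    <!-- A request that presents a session id the container no longer
         recognises (timed out or invalidated) is redirected here. -->
    <sec:session-management invalid-session-url="/sessionExpired" />

    <!-- invalidate-session is left at its default (true), so the server-side
         HttpSession and its attributes are destroyed on logout.
         With invalidate-session="false" they stay alive after logout.
         delete-cookies clears JSESSIONID in the logout response, so the
         follow-up request to /logout carries no stale id and is not
         mistaken for an expired session. -->
    <sec:logout logout-success-url="/logout"
                delete-cookies="JSESSIONID" />
</sec:http>
```

The Spring Security reference notes that deleting the cookie on logout is not guaranteed to work with every servlet container, so confirm in the browser that the logout response actually clears `JSESSIONID`.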