Quarkus HTTP authentication logout

Problem description

I'm currently developing an application with Quarkus using HTTP form authentication. After reading the "Form based authentication" page (https://quarkus.io/guides/security-built-in-authentication) I'm facing an issue with the logout stage. The documentation does not mention any option to log out the current session.

As Quarkus internally uses Vert.x, I tried the following:

@Path("/auth")
public class AuthController {

    @LoggerName("AuthController")
    Logger log;

    @ConfigProperty(name = "quarkus.http.auth.form.cookie-name")
    String COOKIE_NAME;

    @ConfigProperty(name = "quarkus.http.auth.form.location-cookie")
    String REDIRECT_COOKIE_NAME;

    @ConfigProperty(name = "quarkus.http.auth.form.login-page")
    String LOGIN_PAGE;

    @GET
    @Path("/logout")
    public void logout(@Context RoutingContext ctx) {
        var c1 = ctx.removeCookie(COOKIE_NAME);
        var c2 = ctx.removeCookie(REDIRECT_COOKIE_NAME);
        log.info(String.format("c1 = %s, c2 = %s", c1.getName(), c2.getName()));
        ctx.redirect(LOGIN_PAGE);
    }
}

This does not work as expected. The log.info logs well ([AuthController] (executor-thread-0) c1 = MyCookieName, c2 = quarkus-redirect-location) and the redirection works fine. However, the session persists.

How can I fix it?

Thanks for the help,

Tags: quarkus

Solution


After some research and several tries, a solution I found is to invalidate the cookie with JavaScript using:

document.cookie = "MyCookieName=; Max-Age=0";

This invalidates the cookie and redirects to the login page.
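
Added example, not part of the original answer: a small model of RFC 6265 cookie storage showing when an expiry such as `MyCookieName=; Max-Age=0` actually removes the session cookie. The `Path=/` on the login cookie, the `/auth` logout location, the `HttpOnly` variant and all function names are assumptions made for the illustration.

```javascript
// Browsers key a cookie by name + path (domain omitted here), so an expiry
// only removes the cookie when both match exactly.
function parseCookie(header, defaultPath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
              path: defaultPath, maxAge: null, httpOnly: false };
  for (const attr of attrs) {
    const [k, v = ""] = attr.split("=");
    if (k.toLowerCase() === "path" && v.startsWith("/")) c.path = v;
    if (k.toLowerCase() === "max-age") c.maxAge = Number(v);
    if (k.toLowerCase() === "httponly") c.httpOnly = true;
  }
  return c;
}

class CookieJar {
  constructor() { this.store = new Map(); }
  // fromScript=true models document.cookie, false a Set-Cookie response header.
  // defaultPath is used when no Path attribute is given (directory of the URL).
  set(header, { fromScript = false, defaultPath = "/" } = {}) {
    const c = parseCookie(header, defaultPath);
    const key = `${c.name};${c.path}`;
    const old = this.store.get(key);
    // Scripts can neither create nor replace HttpOnly cookies.
    if (fromScript && (c.httpOnly || (old && old.httpOnly))) return false;
    if (c.maxAge !== null && c.maxAge <= 0) this.store.delete(key);
    else this.store.set(key, c);
    return true;
  }
  has(name) { return [...this.store.values()].some((c) => c.name === name); }
}

// Constructed scenario: login cookie set for Path=/, logout page under /auth.
// Each result is true when the session cookie survived the logout attempt.
function logoutScenarios() {
  const login = "MyCookieName=opaque-session-value; Path=/";
  const expire = "MyCookieName=; Max-Age=0";
  const run = (loginHeader, expiry, opts) => {
    const jar = new CookieJar();
    jar.set(loginHeader);
    jar.set(expiry, opts);
    return jar.has("MyCookieName");
  };
  const script = { fromScript: true, defaultPath: "/auth" };
  return {
    noPathFromSubdir: run(login, expire, script),
    explicitPath: run(login, expire + "; Path=/", script),
    httpOnlyFromScript: run(login + "; HttpOnly", expire + "; Path=/", script),
    httpOnlyFromServer: run(login + "; HttpOnly", expire + "; Path=/"),
  };
}
```

In this model the script-side expiry only works when its path matches the stored cookie and the cookie is not `HttpOnly`; an `HttpOnly` session cookie has to be expired by a `Set-Cookie` header from the server.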

