In certain scenarios I want to forcefully log out a user. I’m using Spring Security and the only way I know how to do this is to forward/redirect to /logout (or whatever URL Spring listens to for logout attempts). Since in theory a user could stop his browser from following a redirect, I’d rather do a forward to the logout URL, as it’s very important that the logout logic is carried out. Since Spring will always do a redirect after an (un)successful logout, I’m wondering if this will be a problem. So, in short, is redirecting allowed after the request has already been forwarded, or will it result in an IllegalStateException?
No, it’s absolutely fine. The response itself has no knowledge of the forwarding – it occurs purely within the internals of the server. Forwarding is simply a mechanism for internal transfer of control from one server component to another.
In contrast, you generally cannot forward after redirecting, since redirecting “commits” the response, and there’s no undoing that.
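The ordering described in the answer above, as an added example that is not part of the original post and is not Spring Security's code. It uses the plain Servlet API and assumes the `jakarta.servlet` namespace; the class names and the paths `/force-logout`, `/do-logout` and `/login?logout` are hypothetical, and the second servlet only stands in for a logout handler that redirects when it finishes.

```java
import java.io.IOException;
import jakarta.servlet.ServletException;
import jakarta.servlet.annotation.WebServlet;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;

public class ForcedLogoutExample {

    // Hypothetical entry point that decides the user must be logged out.
    @WebServlet("/force-logout")
    public static class ForceLogoutServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            if (resp.isCommitted()) {
                // Too late to forward: forward() on a committed response
                // throws IllegalStateException. End the session directly.
                HttpSession session = req.getSession(false);
                if (session != null) {
                    session.invalidate();
                }
                return;
            }
            // Server-side transfer of control. The browser never sees this
            // hop, so it cannot skip it the way it can ignore a redirect.
            req.getRequestDispatcher("/do-logout").forward(req, resp);
        }
    }

    // Hypothetical stand-in for the logout handler.
    @WebServlet("/do-logout")
    public static class LogoutTargetServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            // Session teardown completes on the server before anything is sent.
            HttpSession session = req.getSession(false);
            if (session != null) {
                session.invalidate();
            }
            // Legal after a forward: the response is still uncommitted here.
            // This call commits it, so no forward may follow.
            resp.sendRedirect(req.getContextPath() + "/login?logout");
        }
    }
}
```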