Skip to content

Spring Boot SessionScoped Object not expired after logout. Autowires two different objects in different controllers

I needed to auto wire logged in User Object in my controller /service classes. So i created a util Bean as

public class UtilBeans {
    UserService userService;

    @Bean(name = "loggedInUser")
    public UserMaster userMaster() {
        UserMaster user;
        try {
            user = (UserMaster) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        } catch (Exception e) {
            // TODO Auto-generated catch block
            System.out.println("user Not logged in");

        return user;

and used in controller class as

    @Qualifier(value = "loggedInUser")
    UserMaster user;

In most controllers it works OK, but in some controllers first logged in user object doesn’t change until I restart the application.

my logout configuration is as follows

                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))

Please help me where I am doing wrong. What I understand is , Session Scoped object should expire on logout, and it do changes but why not in some cases.



I by mistake assigned a different object of same type and same id to user in controller, changing code to remove that assignment fixed the problem.

6 People found this is helpful