Skip to content
Advertisement

Spring Boot SessionScoped Object not expired after logout. Autowires two different objects in different controllers

I needed to auto wire logged in User Object in my controller /service classes. So i created a util Bean as

@Component
public class UtilBeans {
    @Autowired
    UserService userService;

    @Bean(name = "loggedInUser")
    @SessionScope
    public UserMaster userMaster() {
        UserMaster user;
        try {
            user = (UserMaster) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
            user.setAuthorities(userService.getUserAuthorities(user.getUserId()));

        } catch (Exception e) {
            // TODO Auto-generated catch block
            System.out.println("user Not logged in");

        }
        return user;
    }
}

and used in controller class as

@Autowired
    @Qualifier(value = "loggedInUser")
    UserMaster user;

In most controllers it works OK, but in some controllers first logged in user object doesn’t change until I restart the application.

my logout configuration is as follows

.formLogin().loginPage("/loginForm").permitAll()
                .and()
                .formLogin().defaultSuccessUrl("/dashboard").and()
                
                
                .logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .deleteCookies("JSESSIONID").clearAuthentication(true)
                .invalidateHttpSession(true).permitAll();

Please help me where I am doing wrong. What I understand is , Session Scoped object should expire on logout, and it do changes but why not in some cases.

Advertisement

Answer

I by mistake assigned a different object of same type and same id to user in controller, changing code to remove that assignment fixed the problem.

6 People found this is helpful
Advertisement