Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 01:02:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update logout.adoc

Browse Source 
typos

Signed-off-by: Juha-1 <52188855+Juha-1@users.noreply.github.com>
This commit is contained in:
Juha-1 2025-02-17 19:04:57 +02:00 committed by Josh Cummings
parent 47630ca354
commit 19a5a9c970
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc
View File

@ -242,7 +242,7 @@ This means that it will only terminate sessions whose Client matches the `aud` c
One notable part of this architecture's implementation is that it propagates the incoming back-channel request internally for each corresponding session.
Initially, this may seem unnecessary.
However, recall that the Servlet API does not give direct access to the `HttpSession` store.
By making an internal logout call, the corresponding session can now be validated.
By making an internal logout call, the corresponding session can now be invalidated.
Additionally, forging a logout call internally allows for each set of ``LogoutHandler``s to be run against that session and corresponding `SecurityContext`.
@ -299,7 +299,7 @@ Java::
[source=java,role="primary"]
----
@Bean
OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry sessionRegistry) {
OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry oidcSessionRegistry) {
OidcBackChannelLogoutHandler logoutHandler = new OidcBackChannelLogoutHandler(oidcSessionRegistry);
logoutHandler.setSessionCookieName("SESSION");
return logoutHandler;