Alex (Migrated from SEC-1554) said:
I'm using a listener for InteractiveAuthenticationSuccessEvent to handle application logic to do when the user logs in (e.g.: increment his logins), and it would be great to have an equivalent event on logout, for example a InteractiveAuthenticationLogoutEvent.
Now the solution is a little cumbersome and includes developing a custom logoutfilter
Luke Taylor said:
Can you explain the actual use case, please? In most cases a SessionDestroyedEvent would be used since it is more reliable, covering both logouts and the situation where the user forgets to logout and the session expires.
Actually that was exactly what I was looking for, I made a lot of research but I was unable to find any mention of it, even now that I know his existence I'm unable to find a complete example on the web.
Please accept my apology and close the bug as invalid.
The basic functionality is provided by the servlet spec - you can add a listener in your web.xml which will allow you to detect sesson-related events. Spring Security has a class called HttpSessionEventPublisher which translates these events into ApplicationContext events.