You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/modules/ROOT/pages/servlet/authentication/logout.adoc
+2
Original file line number
Diff line number
Diff line change
@@ -24,6 +24,8 @@ When you include {spring-boot-reference-url}using.html#using.build-systems.start
24
24
If you request `GET /logout`, then Spring Security displays a logout confirmation page.
25
25
Aside from providing a valuable double-checking mechanism for the user, it also provides a simple way to provide xref:servlet/exploits/csrf.adoc[the needed CSRF token] to `POST /logout`.
26
26
27
+
Please note that if xref:servlet/exploits/csrf.adoc[CSRF protection] is disabled in configuration, no logout confirmation page is shown to the user and the logout is performed directly.
28
+
27
29
[TIP]
28
30
In your application it is not necessary to use `GET /logout` to perform a logout.
29
31
So long as xref:servlet/exploits/csrf.adoc[the needed CSRF token] is present in the request, your application can simply `POST /logout` to induce a logout.
0 commit comments