Java Shiro会话注销不工作

我在一个项目中工作，我们使用ApacheShiro进行安全保护。 现在，我不确定问题是在Shrio配置中还是在其他地方

发生的情况是，当用户输入凭据并通过基本身份验证时，用户名和密码的值将保留，直到浏览器关闭。我已经在Firefox和Chrome中尝试过了，这是同样的行为

据我所知，这听起来像是Shiro的“RememberMe”功能，但我“认为”我已经关闭了它

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    UsernamePasswordToken upToken = (UsernamePasswordToken) token;
    logger.info("Remember Me active ? {}", upToken.isRememberMe());

印刷品： 09:44:00323信息[TestRealm]还记得我处于活动状态吗？假的

我还尝试使用Shiro.ini文件中配置的Shiro注销

[main]
...
logout.redirectUrl = /logout.jsp

...
[url]
/logout = logout

logout.jsp如下所示：

<%@ page import="org.apache.shiro.SecurityUtils" %>
<% SecurityUtils.getSubject().logout();%>
You have succesfully logged out.

最好的，

---

Henrik

配置中一定存在一些问题，您可以从中尝试演示应用程序并检查其是否有效

[main]
authBasicRealm = se.test.TestRealm
securityManager.realms = $authBasicRealm
#builtInCacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
#securityManager.cacheManager = $builtInCacheManager

sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
#securityManager.sessionManager.sessionIdCookieEnabled = false

# cookie for single sign on 
cookie = org.apache.shiro.web.servlet.SimpleCookie 
cookie.name = test.session
cookie.path = /test
cookie.maxAge = 60
#cookie.secure = true
cookie.httpOnly = false
sessionManager.sessionIdCookie = $cookie

sessionDAO = org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO
sessionManager.sessionDAO = $sessionDAO

securityManager.sessionManager = $sessionManager

logout.redirectUrl = /logout.jsp

[users]
# format: username = password, role1, role2, ..., roleN
admin = admin, 4
user = user, 2
[roles]
admin = *
user = *
#User Get Specified
1 = 1
#User Get All
2 = 1
#Create Put Update
3 = 2:*
#Admin
4 = admin:*
test = 2:*
[urls]
/logout = logout
/** = authcBasic