Is it possible to invalidate a spring security session?
You can’t usually invalidate a user session(s) immediately you change their account information without resorting to a container specific API, since the only way to access the HttpSession is through the HttpServletRequest object. Instead you can cache the username in an in-memory store and consult it either in a filter or a custom AccessDecisionVoter. Using … Read more