Skip to content

Commit

Permalink
Update logout.adoc
Browse files Browse the repository at this point in the history 
typos

Signed-off-by: Juha-1 <[email protected]>
  • Loading branch information
@Juha-1 @jzheaux
Juha-1 authored and jzheaux committed Mar 7, 2025
1 parent 47630ca commit 19a5a9c
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -242,7 +242,7 @@ This means that it will only terminate sessions whose Client matches the `aud` c
One notable part of this architecture's implementation is that it propagates the incoming back-channel request internally for each corresponding session.
Initially, this may seem unnecessary.
However, recall that the Servlet API does not give direct access to the `HttpSession` store.
By making an internal logout call, the corresponding session can now be validated.
By making an internal logout call, the corresponding session can now be invalidated.

Additionally, forging a logout call internally allows for each set of ``LogoutHandler``s to be run against that session and corresponding `SecurityContext`.

Expand Down Expand Up @@ -299,7 +299,7 @@ Java::
[source=java,role="primary"]
----
@Bean
OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry sessionRegistry) {
OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry oidcSessionRegistry) {
OidcBackChannelLogoutHandler logoutHandler = new OidcBackChannelLogoutHandler(oidcSessionRegistry);
logoutHandler.setSessionCookieName("SESSION");
return logoutHandler;
Expand Down

0 comments on commit 19a5a9c

Please sign in to comment.