Hi Marcus, I'm not sure I understand the problem. This is the expected config/use case:

[main]
#any url will do - redirect them to login after logout:
logout.redirectUrl = /login

[urls]
/logout = logout

The LogoutFilter doesn't ever check to see if the request should continue - it always calls subject.logout() and then redirects to the 'redirectView'.

Source: http://svn.apache.org/repos/asf/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/LogoutFilter.java

HTH,

Les

On Thu, Aug 2, 2012 at 4:50 AM, Marcus Bond <[email protected]> wrote:
> Has anyone else tried using the Logout filter in 1.2?
>
> I notice that if the redirectUrl is configured as a secure page then
> despite going to the logout the secure page is shown, however an immediate
> refresh of the secure page is not permitted and the user is sent to the
> login page. So it seems that at one more page view can be achieved after
> what would be considered to be a logout..
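
The expected configuration from the reply above, extended into a fuller shiro.ini as an added example that is not part of the original thread or of the Shiro project's own files. The /secure/** path, the /secure/home target and the use of form-based authc on /login are assumptions made for illustration.

```ini
[main]
# Where the authc filter sends unauthenticated requests (assumed form login).
authc.loginUrl = /login

# Target of the redirect that LogoutFilter issues after subject.logout().
# Pointing it at the login page means the post-logout request never
# touches a protected path.
logout.redirectUrl = /login

# The case from the quoted report, for comparison (path is constructed):
# the redirect target is itself a protected page, so the redirected
# request goes through the authc filter on /secure/** right after logout.
# logout.redirectUrl = /secure/home

[urls]
# Chains are matched top to bottom and the first match wins, so the
# specific entries go above the broader pattern.
/login = authc
/logout = logout
/secure/** = authc
```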
