I'm currently developping an application with Quarkus usig an http form authentication. After reading "Form based authentication" page (https://quarkus.io/guides/security-built-in-authentication) I'm facing an issue with the logout stage. The documentation does not mention any option to logout the current session.
As Quarkus internally uses Vert.x, I tried the following:
@Path("/auth")
public class AuthController {
@LoggerName("AuthController")
Logger log;
@ConfigProperty(name = "quarkus.http.auth.form.cookie-name")
String COOKIE_NAME;
@ConfigProperty(name = "quarkus.http.auth.form.location-cookie")
String REDIRECT_COOKIE_NAME;
@ConfigProperty(name = "quarkus.http.auth.form.login-page")
String LOGIN_PAGE;
@GET
@Path("/logout")
public void logout(@Context RoutingContext ctx) {
var c1 = ctx.removeCookie(COOKIE_NAME);
var c2 = ctx.removeCookie(REDIRECT_COOKIE_NAME);
log.info(String.format("c1 = %s, c2 = %s", c1.getName(), c2.getName()));
ctx.redirect(LOGIN_PAGE);
}
}
This does not works like expected. The log.info logs well ([AuthController] (executor-thread-0) c1 = MyCookieName, c2 = quarkus-redirect-location) and the redirection works fine. However the session persists.
How can i fixed it ?
Thanks for the help,