How to programmatically logout with Spring Security Persistent Token Based RememberMe Services

Question

Am using Spring Data REST and Spring Security in my project. AM using Persistent Token Based Remember Me services of Spring security to remember logged in users and I am trying to invalidate the session and remove data from repository and cookie for the request programmatically. I have tried the following code but worked just for that request and again if another request is raised its getting authenticated again. How to remove cookie from Database and browser after invalidating the session.

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null){    
    new SecurityContextLogoutHandler().logout(request, response, auth);
    new PersistentTokenBasedRememberMeServices().logout(request, response, auth);
}
SecurityContextHolder.getContext().setAuthentication(null);

Is it possible to invalidate and remove session which uses PersistentTokenBasedRememberme services of spring security? Anything extra I have to use for removing the cookie or else?

Answer 1

you need to dependency-inject rememberMeServices. This should work:

def rememberMeServices

def yourAction(){

    SecurityContextHolder.clearContext(); //invalidates auth
    rememberMeServices.logout(request, response, null) // removes rememberMe cookie

}