Add Logout
Logging out of an application is just as important as logging in. Leaving a session open for too long or failing to properly close it can lead to serious security risks.
Since Vaadin uses Spring Security for authentication, it also relies on it for logging out and session invalidation.
Vaadin Logout vs. Spring Logout
In a traditional Spring web application, logging out requires sending a POST request to /logout, which must include Spring’s CSRF token. However, Vaadin applications use their own CSRF protection mechanism, making this approach difficult to implement. Additionally, since Flow views run on the server, they don’t interact with HTTP requests directly.
Vaadin provides a dedicated logout API that makes it easy to log out from both Flow and Hilla views. Follow the guides below based on your application type:
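For a Flow application, a logout control built on that API can look like the following. This is an added example, not code from the original page; the `MainLayout` class name and navbar layout are assumptions, and it presumes Vaadin's Spring Security integration is configured so that an `AuthenticationContext` bean can be injected.

```java
import com.vaadin.flow.component.applayout.AppLayout;
import com.vaadin.flow.component.button.Button;
import com.vaadin.flow.component.html.Span;
import com.vaadin.flow.spring.security.AuthenticationContext;

// Hypothetical application layout; the name and structure are illustrative.
public class MainLayout extends AppLayout {

    // AuthenticationContext is injected by Spring through the constructor.
    public MainLayout(AuthenticationContext authenticationContext) {
        // Show which principal owns the current session, if one is authenticated.
        authenticationContext.getPrincipalName()
                .ifPresent(name -> addToNavbar(new Span("Signed in as " + name)));

        // The click is handled on the server inside a Vaadin request, so the
        // view does not build a POST to /logout or handle Spring's CSRF token.
        // logout() hands the request to Spring Security's logout handling,
        // which is where the session is invalidated.
        Button logoutButton = new Button("Log out",
                event -> authenticationContext.logout());
        addToNavbar(logoutButton);
    }
}
```

Placing the button in a shared layout keeps logout reachable from every authenticated view, which reduces the chance of sessions being left open.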