I migrated my application from Vaadin 14 to Vaadin 23.3.
Everything works fine. After logging in using Spring Security the “rememberme” cookie is set, so I don't have to log in again when I close and open my browser. However, I am not able to remove the cookie anymore with my CookieUtil after logout, so I stay logged in all the time until I delete the cookie manually in the browser.
Did something change from Vaadin 14 to 23 in terms of cookie handling?
In the Vaadin documentation I was not able to find any tutorials for cookies and Spring Security.
Here is the code I use to create and delete cookies in Vaadin 14.

This is the cookie configuration:

OK. Seems like the cookie is deleted. But the problem is the new “logout” method from the class “com.vaadin.flow.spring.security.AuthenticationContext”.
When I call “AuthenticationContext.logout” I get redirected to the Tomcat root folder (localhost:8080) instead of to the application folder (localhost:8080/myapp/), which leads to this error:

If you configure your app to define the servlet context it’s deployed to, the logout should work as expected.
This is the workaround I found: now the cookie is deleted and I don't get redirected to a wrong URL.
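    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
    import com.vaadin.flow.server.VaadinServletRequest;
    import com.vaadin.flow.server.VaadinServletResponse;
    import com.vaadin.flow.server.VaadinSession;

    /**
     * Custom logout method, because AuthenticationContext.logout is not working with Tomcat + rememberme cookie
     */
    public static void logout() {
        HttpServletRequest request = VaadinServletRequest.getCurrent().getHttpServletRequest();
        HttpServletResponse response = VaadinServletResponse.getCurrent().getHttpServletResponse();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Expire the remember-me cookie in the browser
        var logoutHandler = new CookieClearingLogoutHandler(SecurityConfiguration.REMEMBERME_COOKIE_NAME);
        logoutHandler.logout(request, response, auth);
        // Invalidate the HTTP session behind the current Vaadin session
        VaadinSession.getCurrent().getSession().invalidate();
    }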
Can you share some details? I don't know where to do this.
It does not help. Same error. Now even in Spring Boot and not only on Tomcat I see the error page after logout. But thx for trying to help.
It seems like the AuthenticationContext.logout is not working when the application is deployed on Tomcat.

It depends how you add your own logout success handler; by default it just does its thing.
You can add your own by using addLogoutHandlers in your security config, redirecting to the proper path if the context path is too broad for you.
Thx for the help. I think I have it working now. Will post the solution after testing.
This is my final solution:
Update:
I tested again, and the “rememberme” cookie is not deleted on logout, so the user stays logged in.
Still looking for a solution.
(My example is using the old version of the security.)
Yes, I tried this already. Not working in Vaadin 23.3.
Maybe there is some problem with the context path? I am testing the app on Tomcat 9.
Got it working. The order of configuration was wrong. This is the working version.