I make an application where you can register and leave messages, but faced with the problem of incorrect display of the name of the person who created the message.
As far as I understand, the essence of the problem is that when logout only the security context responsible for http is deleted, the websocket connection remains intact and, if not overloading the page, go to another account, then the message is sent under a different name.
I searched Spring for an answer on this question, but my level is not so high to understand how to use what is written there.
Maybe there is just a way to break the websocket connection after the output?
Websocket configuration:
@Configuration @EnableScheduling @EnableWebSocketMessageBroker public class WebSocketSecurityConfig extends AbstractSecurityWebSocketMessageBrokerConfigurer { @Override protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) { messages .simpDestMatchers("/*").permitAll(); } @Override public void configureMessageBroker(MessageBrokerRegistry registry) { registry.enableSimpleBroker("/section"); registry.setApplicationDestinationPrefixes("/app"); registry.setUserDestinationPrefix("/user"); } @Override public void registerStompEndpoints(StompEndpointRegistry registry) { registry .addEndpoint("/forum") .setAllowedOrigins("*") .withSockJS(); } @Override protected boolean sameOriginDisabled() { //disable CSRF for websockets for now... return true; } } 