Logs out this Subject and invalidates and/or removes any associated entities,
such as a {@link Session Session} and authorization data. After this method is called, the Subject is
considered 'anonymous' and may continue to be used for another log-in if desired.
<h3>Web Environment Warning</h3>
Calling this method in web environments will usually remove any associated session cookie as part of
session invalidation. Because cookies are part of the HTTP header, and headers can only be set before the
response body (html, image, etc) is sent, this method in web environments must be called before <em>any</em>
content has been rendered.
<p/>
The typical approach most applications use in this scenario is to redirect the user to a different
location (e.g. home page) immediately after calling this method. This is an effect of the HTTP protocol
itself and not a reflection of Shiro's implementation.
<p/>
Non-HTTP environments may of course use a logged-out subject for login again if desired.
Logs out this Subject and invalidates and/or removes any associated entities, such as a {@link Session Session} and authorization data. After this method is called, the Subject is considered 'anonymous' and may continue to be used for another log-in if desired. <h3>Web Environment Warning</h3> Calling this method in web environments will usually remove any associated session cookie as part of session invalidation. Because cookies are part of the HTTP header, and headers can only be set before the response body (html, image, etc) is sent, this method in web environments must be called before <em>any</em> content has been rendered. <p/> The typical approach most applications use in this scenario is to redirect the user to a different location (e.g. home page) immediately after calling this method. This is an effect of the HTTP protocol itself and not a reflection of Shiro's implementation. <p/> Non-HTTP environments may of course use a logged-out subject for login again if desired.