Im using Spring Security reactive with Spring Session Redis. For custom logout handler, I read Spring Security doc.
new DelegatingServerLogoutHandler(
new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler()
);
Is there a required order for the execution of logout handlers?
In my project, if WebSessionServerLogoutHandler is executed first, will occur session was invalidated.
If SecurityContextServerLogoutHandler is executed first then it's fine.
Is that Spring Security's problem or Spring Session's problem?