Question

I've implemented the SecureSocial module and provide login through it. For different users I've mapped different roles, and the redirect after login is checked in the main controller, Application.

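import java.util.List;

import play.mvc.Controller;
import play.mvc.Result;
import securesocial.core.java.SecureSocial;

public class Application extends Controller {

    /**
     * This action only gets called if the user is logged in.
     *
     * @return the page matching the current user's role
     */
    @SecureSocial.SecuredAction
    public static Result index() {
        // Look up the application user behind the authenticated SecureSocial identity.
        User currentUser = User.findByEmail(SecureSocial.currentUser().id().id());
        List<UserRole> userRoles = currentUser.getUserRoles();

        // Employees get their own page; everyone else falls through to home.
        for (UserRole ur : userRoles) {
            if (ur.getRole().equals(RoleEnum.ROLE_EMPLOYEE)) {
                return ok(..);
            }
        }
        return ok(home.render());
    }
}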

According to this, some pages are denied for the role ROLE_EMPLOYEE. But on logout, the last URL is stored in the PLAY_SESSION cookie, and after logging in with a user of the aforementioned role, the application automatically redirects to the wrong page. Any ideas what to do about that?


Solution

The SecureSocial module remembers the session cookie on the redirected page /login or /logout. So the solution for this case is to make a new page that the user is redirected to after logout. The cookie will be reset, and from this new page the user can be redirected back via a button/link/something to log in with any saved cookie data. It is possible that a fix will come in the next release of the SecureSocial module.
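
One way to guard against a return URL left over from a previous session, as an added example that is not part of the original answer or of SecureSocial: resolve the post-login target against the roles of the user who just logged in, and fall back to a default page when the stored URL is not permitted. The class name, the path prefixes, the ROLE_ADMIN role and the role-to-path map are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical helper: none of these names come from Play or SecureSocial.
public class PostLoginRedirect {

    static final String DEFAULT_TARGET = "/";

    // Assumed mapping: path prefixes each role may be sent to after login.
    static final Map<String, Set<String>> ALLOWED_PREFIXES = new HashMap<>();
    static {
        ALLOWED_PREFIXES.put("ROLE_EMPLOYEE", new HashSet<>(Arrays.asList("/employee/")));
        ALLOWED_PREFIXES.put("ROLE_ADMIN", new HashSet<>(Arrays.asList("/employee/", "/admin/")));
    }

    // Returns the stored URL only if it is a local path that one of the
    // current user's roles may open; otherwise returns DEFAULT_TARGET.
    static String resolve(String storedUrl, Set<String> roles) {
        if (storedUrl == null || !storedUrl.startsWith("/")
                || storedUrl.startsWith("//") || storedUrl.contains("\\")
                || storedUrl.contains("..")) {
            return DEFAULT_TARGET; // missing, off-site or path-traversal form
        }
        for (String role : roles) {
            Set<String> prefixes =
                ALLOWED_PREFIXES.getOrDefault(role, Collections.<String>emptySet());
            for (String prefix : prefixes) {
                if (storedUrl.startsWith(prefix)) {
                    return storedUrl;
                }
            }
        }
        return DEFAULT_TARGET; // URL belongs to an area this user cannot use
    }

    public static void main(String[] args) {
        Set<String> employee = new HashSet<>(Arrays.asList("ROLE_EMPLOYEE"));
        // Constructed sample values: the first URL was saved by another session.
        System.out.println(resolve("/admin/reports", employee));
        System.out.println(resolve("/employee/tasks", employee));
        System.out.println(resolve("//other.example/x", employee));
    }
}
```

The target pages still need their own role check; this helper only decides where the login handler sends the user.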

Licensed under: CC-BY-SA with attribution