LogoutHandlers in Spring Security

When are registered LogoutHandlers in Spring Security triggered? Only upon manua开发者_C百科l logout (obvious!) or also when the http session expires?

Not when the session expires.

Example: RememebrMeServices

See the class AbstractRememberMeServices, which also implements LogoutHandler. We use remember me services to keep user logged in until a user explicitly logs out (or until the remember-me cookie expires). Its main purpose is to take care of session expiration issue and it is usually added for users who frequently use the application (for example, administrators or customer service representatives who don't like to login every time their session expires).