Rewrite LogouFilter class
import org.apache.shiro.web.filter.authc.LogoutFilter; public class ShiroLogoutFilter extends LogoutFilter { @Override protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception { //清除HTTPSession的用户信息 HttpServletRequest httpServletRequest=(HttpServletRequest) request; HttpSession session = httpServletRequest.getSession(); if (session.getAttribute("user")!=null) { session.removeAttribute("user"); } System.out.println ( "= the HTTPSession user data are cleared =" ); return Super .preHandle (HttpServletRequest, Response); } }