I use the following security configuration for my Spring boot app:

我对 Spring boot 应用程序使用以下安全配置：

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .csrf().disable()
        .authorizeRequests()
            .antMatchers("/login").permitAll()
        .and()
        .authorizeRequests()
            .antMatchers("/signup").permitAll()
        .and()
        .authorizeRequests()
            .anyRequest().authenticated()
        .and()
            .logout().logoutUrl("/logout").logoutSuccessUrl("/login").deleteCookies("auth_code").invalidateHttpSession(true)
        .and()
        // We filter the api/signup requests
        .addFilterBefore(
            new JWTSignupFilter("/signup", authenticationManager(),
                    accountRepository, passwordEncoder),
            UsernamePasswordAuthenticationFilter.class)
        // We filter the api/login requests
        .addFilterBefore(
            new JWTLoginFilter("/login", authenticationManager()),
            UsernamePasswordAuthenticationFilter.class)
        // And filter other requests to check the presence of JWT in
        // header
        .addFilterBefore(new JWTAuthenticationFilter(userDetailsServiceBean()),
            UsernamePasswordAuthenticationFilter.class);
} 

When I do the logout, I want to delete the cookie which was set during the login. I use deleteCookie, but in the header there's no notion of deleting the cookie which was set during the login. Why ?

当我注销时，我想删除在登录期间设置的 cookie。我使用deleteCookie，但在标题中没有删除登录期间设置的 cookie 的概念。为什么 ？

How should I tell the browser to delete the cookie ?

我应该如何告诉浏览器删除 cookie？

Right now, the header for the response contains :

现在，响应的标头包含：

Set-Cookie →JSESSIONID=E4060381B435217F7D68EAAE82903BB0;path=/;Secure;HttpOnly

Should I set the expiration time for the cookie to a date past the current date ?

我应该将 cookie 的过期时间设置为当前日期之后的日期吗？