From 4777a869bc6d27dfa4343342325f526f2916c168 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Thu, 26 Oct 2017 19:21:48 -0500
Subject: [PATCH] Logout at the end of logout method

Issue: gh-4719
---
 .../web/server/authentication/logout/LogoutWebFilter.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
index 70ddcc9308..1ae8d2711b 100644
--- a/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authentication/logout/LogoutWebFilter.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.web.server.authentication.logout;
 
+import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.util.Assert;
 import reactor.core.publisher.Mono;
 
@@ -68,7 +69,8 @@ public class LogoutWebFilter implements WebFilter {
 
 	private Mono<Void> logout(WebFilterExchange webFilterExchange, Authentication authentication) {
 		return this.serverLogoutHandler.logout(webFilterExchange, authentication)
-			.then(this.serverLogoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication));
+			.then(this.serverLogoutSuccessHandler.onLogoutSuccess(webFilterExchange, authentication))
+			.subscriberContext(ReactiveSecurityContextHolder.clearContext());
 	}
 
 	/**