SEC-1544: Update the tutorial sample to attempt to delete the JSESSIONID cookie on logout.

samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -30,7 +30,7 @@
           -->
         <intercept-url pattern="/**" access="permitAll" />
         <form-login />
-        <logout logout-success-url="/loggedout.jsp"/>
+        <logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
         <remember-me />
 <!--
     Uncomment to enable X509 client authentication support

samples/tutorial/src/main/webapp/index.jsp

@@ -1,4 +1,5 @@
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+<%@page session="false" %>
 <html>
 <body>
 <h1>Home Page</h1>

samples/tutorial/src/main/webapp/loggedout.jsp

@@ -1,14 +1,6 @@
 <%@page session="false" %>
 <%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 
-
-<%
-    Cookie cookie = new Cookie("JSESSIONID", null);
-    cookie.setPath(request.getContextPath());
-    cookie.setMaxAge(0);
-    response.addCookie(cookie);
-%>
-
 <html>
 <head>
 <title>Logged Out</title>