diff --git a/samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml
index d76dbdc9c8..c79478c922 100644
--- a/samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/xml/openid/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -16,7 +16,7 @@
 		<intercept-url pattern="/css/*" access="permitAll"/>
 		<intercept-url pattern="/js/*" access="permitAll"/>
 		<intercept-url pattern="/**" access="authenticated"/>
-		<logout/>
+		<logout logout-success-url="/"/>
 		<openid-login login-page="/openidlogin.jsp" user-service-ref="registeringUserService"
 				authentication-failure-url="/openidlogin.jsp?login_error=true">
 			<attribute-exchange identifier-match="https://www.google.com/.*">
diff --git a/samples/xml/openid/src/main/webapp/index.jsp b/samples/xml/openid/src/main/webapp/index.jsp
index f78494ccef..868f99600e 100644
--- a/samples/xml/openid/src/main/webapp/index.jsp
+++ b/samples/xml/openid/src/main/webapp/index.jsp
@@ -1,3 +1,4 @@
+<%@ page import="org.springframework.security.web.csrf.CsrfToken" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 
@@ -27,6 +28,11 @@ by the application and will be recognized if you return.
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>
 </p>
-<p><a href="logout">Logout</a>
+<% CsrfToken token = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); %>
+<form id="logout" method="post" action="logout">
+    <input type="hidden" name="<%= token.getParameterName() %>"
+           value="<%= token.getToken() %>"/>
+</form>
+<p><a href="#" onclick="document.forms[0].submit()">Logout</a></p>
 </body>
 </html>