
CookieClearingLogoutHandler adds uses contextPath + "/"

Fixes: gh-2325
Rob Winch 7 years ago
parent
commit
7e6ed52603

+ 1 - 5
web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java

@@ -22,7 +22,6 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 /**
  * A logout handler which clears a defined list of cookies, using the context path as the
@@ -43,10 +42,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 			Authentication authentication) {
 		for (String cookieName : cookiesToClear) {
 			Cookie cookie = new Cookie(cookieName, null);
-			String cookiePath = request.getContextPath();
-			if (!StringUtils.hasLength(cookiePath)) {
-				cookiePath = "/";
-			}
+			String cookiePath = request.getContextPath() + "/";
 			cookie.setPath(cookiePath);
 			cookie.setMaxAge(0);
 			response.addCookie(cookie);
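Review bot: Appending `"/"` unconditionally at `String cookiePath = request.getContextPath() + "/";` means the expiring cookie only replaces a cookie that was issued with that same trailing-slash Path; browsers key cookies on name, domain and path, so one set on the bare context path (e.g. `/app`) would presumably survive logout. The class Javadoc visible in the first hunk still says the context path is used as the cookie path, so I would update it and add a comment above this line such as `// Path must equal the Path the cookie was issued with; always contextPath + "/" (gh-2325)`. The removed `StringUtils.hasLength` check also tolerated a null context path, whereas the new expression would yield `"null/"`; that likely only matters for mocked requests. The `logout` method starts and ends outside the hunk.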

+ 2 - 1
web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java

@@ -55,7 +55,8 @@ public class CookieClearingLogoutHandlerTests {
 		handler.logout(request, response, mock(Authentication.class));
 		assertThat(response.getCookies()).hasSize(2);
 		for (Cookie c : response.getCookies()) {
-			assertThat(c.getPath()).isEqualTo("/app");
+			// gh-2325
+			assertThat(c.getPath()).isEqualTo("/app/");
 			assertThat(c.getMaxAge()).isZero();
 		}
 	}
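Review bot: The updated assertion covers only the `/app` context, so nothing in this hunk pins the root-context case, where the concatenation must produce `/` rather than `//` or an empty path. If the test class does not already have one, a sibling test with an empty context path asserting `assertThat(c.getPath()).isEqualTo("/");` would guard that. The `// gh-2325` comment could say what is being checked, e.g. `// gh-2325: cookie path is contextPath + "/"`. The test method begins outside the hunk.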