CookieClearingLogoutHandler adds uses contextPath + "/"

Fixes: gh-2325

web/src/main/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.java

@@ -22,7 +22,6 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
 
 /**
  * A logout handler which clears a defined list of cookies, using the context path as the
@@ -43,10 +42,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
 			Authentication authentication) {
 		for (String cookieName : cookiesToClear) {
 			Cookie cookie = new Cookie(cookieName, null);
-			String cookiePath = request.getContextPath();
-			if (!StringUtils.hasLength(cookiePath)) {
-				cookiePath = "/";
-			}
+			String cookiePath = request.getContextPath() + "/";
 			cookie.setPath(cookiePath);
 			cookie.setMaxAge(0);
 			response.addCookie(cookie);

web/src/test/java/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandlerTests.java

@@ -55,7 +55,8 @@ public class CookieClearingLogoutHandlerTests {
 		handler.logout(request, response, mock(Authentication.class));
 		assertThat(response.getCookies()).hasSize(2);
 		for (Cookie c : response.getCookies()) {
-			assertThat(c.getPath()).isEqualTo("/app");
+			// gh-2325
+			assertThat(c.getPath()).isEqualTo("/app/");
 			assertThat(c.getMaxAge()).isZero();
 		}
 	}