Use HttpServletRequest logout method for programmatic security logout in Servlet 3.0

Before the Servlet 3.0 specification, the session.invalidate() method was provided to clear out session data and was frequently used for a programmatic logout.

Starting with the Java EE 6 Servlet 3.0 specification, the HttpServletRequest.logout() method was added to invalidate the security context.

Use both of these methods to clear the session data and the security context when doing a programmatic logout.

For more information, see HttpServletRequest.