Even though session can be taken from request, it seems to be invalidated in undertow's InMemorySessionManager. Please find the logs:
IllegalStateException: UT000021: Session already invalidated
at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:375)
at io.undertow.server.session.InMemorySessionManager$SessionImpl.invalidate(InMemorySessionManager.java:365)
at io.undertow.servlet.spec.HttpSessionImpl.invalidate(HttpSessionImpl.java:197)
at org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler.logout(SecurityContextLogoutHandler.java:65)
Can we just recheck if the undertow session is invalidated or not before Spring's SecurityContextLogoutHandler invalidates the session? I need this IllegalStateException not to occur.
