The logout handler registration should be reworked -------------------------------------------------- Key: ELY-1819 URL: https://issues.jboss.org/browse/ELY-1819 Project: WildFly Elytron Issue Type: Bug Components: HTTP Reporter: Darran Lofthouse Assignee: Ashley Abdel-Sayed Priority: Major Fix For: 1.9.2.CR1 Presently the logout handler is just a Runnable, the problem with this is if it needs any state it means a lambda or an instance of a class tends to be needed to hold the state e.g. {noformat} private void setupProgramaticLogout(HttpScope sessionScope) { logoutHandlerConsumer.accept(() -> { sessionScope.setAttachment(AUTHENTICATED_IDENTITY_KEY, null); }); } {noformat} It would likely be better for the logout handler to be able to request the scope it needs so maybe pass in the 'org.wildfly.security.http.HttpServerScopes' at the very least.