Calling HttpServletRequest.logout() with single sign-on enabled only works every second time -------------------------------------------------------------------------------------------- Key: WFLY-5484 URL: https://issues.jboss.org/browse/WFLY-5484 Project: WildFly Issue Type: Bug Components: Web (Undertow) Reporter: Richard Janík Assignee: Stuart Douglas Priority: Blocker Fix For: 10.0.0.CR5 Attachments: reproducer-jbeap-1282.zip See "Steps to Reproduce". Logging out from an application only works every second time, e.g. HttpRequestServlet.logout() has to be called twice in order to have any effect This doesn't occur without <single-sign-on/> enabled - logout() has the expected effect. The issue is security related, thus I'm adding our security team members as watchers.