}
@Override
public void logout() throws ServletException {
SecurityContext sc = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
sc.logout();
if(servletContext.getDeployment().getDeploymentInfo().isInvalidateSessionOnLogout()) {
HttpSession session = getSession(false);
if(session != null) {
session.invalidate();
}