# LogoutSpring Security provides a logout endpoint by default.Once logged in, you can `GET /logout` to see a default logout confirmation page, or you can `POST /logout` to initiate logout.This will:* clear the `ServerCsrfTokenRepository`, `ServerSecurityContextRepository`, and* redirect back to the login pageOften, you will want to also invalidate the session on logout.To achieve this, you can add the `WebSessionServerLogoutHandler` to your logout configuration, like so:```@BeanSecurityWebFilterChain http(ServerHttpSecurity http) throws Exception { DelegatingServerLogoutHandler logoutHandler = new DelegatingServerLogoutHandler( new WebSessionServerLogoutHandler(), new SecurityContextServerLogoutHandler() ); http .authorizeExchange((exchange) -> exchange.anyExchange().authenticated()) .logout((logout) -> logout.logoutHandler(logoutHandler)); return http.build();}```