@RequestMapping("logout.form")
  public String logoutUser(
      ModelMap model,
      HttpSession session,
      HttpServletRequest request,
      HttpServletResponse response) {

    try {

      Context.logout();

      session.removeAttribute(WebConstants.OPENMRS_USER_CONTEXT_HTTPSESSION_ATTR);
      session.setAttribute(WebConstants.OPENMRS_MSG_ATTR, "auth.logged.out");
      session.setAttribute(
          WebConstants.OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, request.getContextPath());
      session.invalidate();

      return "redirect:login.form";

    } catch (Exception e) {
      // TODO
      log.error("Uexpected auth error", e);
    }

    return "redirect:login.form";
  }
  /**
   * @verifies return unauthorized if not logged in
   * @see BaseRestController#apiAuthenticationExceptionHandler(Exception,
   *     javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
   */
  @Test
  public void apiAuthenticationExceptionHandler_shouldReturnUnauthorizedIfNotLoggedIn()
      throws Exception {
    Context.logout();

    controller.apiAuthenticationExceptionHandler(
        new APIAuthenticationException(), request, response);

    assertThat(response.getStatus(), is(HttpServletResponse.SC_UNAUTHORIZED));
  }
  /**
   * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
   *     javax.servlet.http.HttpServletResponse)
   */
  @Override
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {

    HttpSession httpSession = request.getSession();

    Context.logout();

    response.sendRedirect(request.getContextPath() + "/index.htm?noredirect=true");

    // clears attributes and makes sure that no one can access this session
    httpSession.invalidate();
  }
 public void logout() {
   Context.logout();
 }