invalidate Session StorefrontAuthenticationSuccessHandler

 protected void invalidateSession(final HttpServletRequest request, final HttpServletResponse response) throws IOException

{

SecurityContextHolder.getContext().setAuthentication(null);

request.getSession().invalidate();

response.sendRedirect(request.getContextPath());

}