spring-projects · jzheaux · Mar 7, 2025 · Feb 17, 2025
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/logout.adoc
@@ -242,7 +242,7 @@ This means that it will only terminate sessions whose Client matches the `aud` c
 One notable part of this architecture's implementation is that it propagates the incoming back-channel request internally for each corresponding session.
 Initially, this may seem unnecessary.
 However, recall that the Servlet API does not give direct access to the `HttpSession` store.
-By making an internal logout call, the corresponding session can now be validated.
+By making an internal logout call, the corresponding session can now be invalidated.
 
 Additionally, forging a logout call internally allows for each set of ``LogoutHandler``s to be run against that session and corresponding `SecurityContext`.
 
@@ -299,7 +299,7 @@ Java::
 [source=java,role="primary"]
 ----
 @Bean
-OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry sessionRegistry) {
+OidcBackChannelLogoutHandler oidcLogoutHandler(OidcSessionRegistry oidcSessionRegistry) {
     OidcBackChannelLogoutHandler logoutHandler = new OidcBackChannelLogoutHandler(oidcSessionRegistry);
     logoutHandler.setSessionCookieName("SESSION");
     return logoutHandler;