With the new logout on user change feature the user token is set to null when a user was changed compared to the one stored in the session. Right now we cannot hook into this step to perform some more clean up tasks like what we can do on manual logouts where we can register custom logout success handler, but we would need to manually wrap the ContextListener instead.

We should find a way to allow this kind of customisation in the ContextListener too to allow for a consistent behaviour between manual and "forced" logouts.