crowd.token_key not removed if Crowd session is expired

Summary

When utilizing Crowd SSO auth to Confluence, the crowd.token_key cookie is not removed if a user's Crowd session is expired.

Steps to Reproduce

1. Configure a Crowd Server
2. Integrate Confluence with Crowd using the SSO Seraph authenticator
3. Authenticate to Confluence as a Crowd user, view browser cookies and observe presence of crowd.token_key cookie
4. Forcibly expire the user's session in Crowd
5. Wait for the Crowd session.validationinterval value to expire (2 minutes by default)
6. Try to load a Confluence page, you should be logged out and redirected to login page
7. Refresh and view cookies, observe that the crowd.token_key cookie is still present.

Expected Results

The cookie should be removed from subsequent requests, as it is with Bitbucket.

Actual Results

Cookie persists, and each attempt to load the page before re-authenticating will perform a POST call to the Crowd server for a no-longer extant Crowd session, e.g.:

http://ssotest.private:8095/crowd/rest/usermanagement/1/session/Ew68GQY0DZYVT8W9A0UzDA00
404 - Not Found

Confluence will retry the request 4x+ times before user is redirected to a login page.

Confluence should also remove the cookie when it performs the redirect.