crowd.token_key not removed if Crowd session is expired

Summary

When utilizing Crowd SSO auth to Jira, the crowd.token_key cookie is not removed if a user's Crowd session is expired.

Steps to Reproduce

1. Configure a Crowd Server
2. Integrate Jira with Crowd using the SSO Seraph authenticator
3. Authenticate to Jira as a Crowd user, view browser cookies and observe presence of crowd.token_key cookie
4. Forcibly expire the user's session in Crowd
5. Wait for the Crowd session.validationinterval value to expire (2 minutes by default)
6. Try to load a Jira page, you should be logged out and redirected to login page
7. Refresh and view cookies, observe that the crowd.token_key cookie is still present.

Expected Results

The cookie should be removed from subsequent requests, as it is with Bitbucket.

Actual Results

Cookie persists, and each attempt to load the page before re-authenticating will perform a POST call to the Crowd server for a no-longer extant Crowd session, e.g.:

http://ssotest.private:8095/crowd/rest/usermanagement/1/session/Ew68GQY0DZYVT8W9A0UzDA00
404 - Not Found

Jira will retry the POST request 4x+ times before user is redirected to a login page.

Jira should also remove the cookie when it performs the redirect.