Jetty Insufficient Session Expiration Vulnerability - CVE-2021-34428

For Eclipse Jetty versions lt 9.4.40 lt 10.0.2 lt 11.0.2 if an exception is thrown from the SessionListenersessionDestroyed() method then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.