Summary

On logout, PersistentTokenBasedRememberMeServices removes all the tokens from the database that are tied to that username, without considering which device the user wants to log out.

Actual Behavior

  1. Login browser 1
  2. A cookie is created on the browser
  3. A remember me token is created in the database for that username
  4. Login browser 2
  5. A cookie is created on the browser
  6. A new remember me token is created in the database for that username
  7. Logout browser 1
  8. The cookie is deleted from the browser
  9. All the tokens are deleted from the database for that username regardless of their browser
  10. User tries to use the cookie on the second browser but the corresponding token is missing

Expected Behavior

On step 9, only the token corresponding to that session and cookie should be deleted.

Configuration

No custom configuration

Version

4.2.3.RELEASE
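
The steps above, reproduced against a simplified in-memory token store, as an added example that is not Spring Security's code or the reporter's. The class, the constructed `series:value` cookie layout and the method names are assumptions made for illustration; `logoutRemovingSeries` is hypothetical.

```java
import java.util.*;

// Simplified in-memory model of a persistent remember-me token store (not Spring code).
public class RememberMeLogoutDemo {
    // One row per device: series -> {username, tokenValue}; the cookie carries series + tokenValue.
    static final Map<String, String[]> tokens = new HashMap<>();

    // Steps 1-3 and 4-6: a login creates a row and returns the cookie value.
    static String login(String username) {
        String series = UUID.randomUUID().toString();
        String value = UUID.randomUUID().toString();
        tokens.put(series, new String[] {username, value});
        return series + ":" + value;
    }

    // Step 10: the cookie is accepted only if its series row exists and the value matches.
    static boolean autoLogin(String cookie) {
        String[] parts = cookie.split(":");
        String[] row = tokens.get(parts[0]);
        return row != null && row[1].equals(parts[1]);
    }

    // Reported behaviour: logout deletes every row for the username.
    static void logoutRemovingUserTokens(String username) {
        tokens.values().removeIf(row -> row[0].equals(username));
    }

    // Expected behaviour (hypothetical method): delete only the row named by the presented cookie.
    static void logoutRemovingSeries(String cookie) {
        String[] parts = cookie.split(":");
        String[] row = tokens.get(parts[0]);
        if (row != null && row[1].equals(parts[1])) { // only a valid cookie may delete its own row
            tokens.remove(parts[0]);
        }
    }

    public static void main(String[] args) {
        String browser1 = login("alice"), browser2 = login("alice");
        logoutRemovingUserTokens("alice");
        System.out.println("actual:   browser 2 auto-login = " + autoLogin(browser2));

        tokens.clear();
        browser1 = login("alice");
        browser2 = login("alice");
        logoutRemovingSeries(browser1);
        System.out.println("expected: browser 1 auto-login = " + autoLogin(browser1));
        System.out.println("expected: browser 2 auto-login = " + autoLogin(browser2));
    }
}
```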

Comment From: tqchu

Did you solve the issue? I have the same issue in Spring Security 5.7.4.