diff -r 624c1fa5299c src/org/openbravo/service/web/BaseWebServiceServlet.java
--- a/src/org/openbravo/service/web/BaseWebServiceServlet.java	Tue May 30 15:17:57 2017 +0200
+++ b/src/org/openbravo/service/web/BaseWebServiceServlet.java	Tue May 30 17:07:19 2017 +0200
@@ -26,6 +26,7 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 import org.apache.log4j.Logger;
 import org.openbravo.authentication.AuthenticationException;
@@ -91,20 +92,27 @@
       return;
     }
 
-    if (userId != null) {
-      log.debug("WS accessed by userId " + userId);
-      OBContext.setOBContext(UserContextCache.getInstance().getCreateOBContext(userId));
-      OBContext.setOBContextInSession(request, OBContext.getOBContext());
-
-      doService(request, response);
+    try {
+      if (userId != null) {
+        log.debug("WS accessed by userId " + userId);
+        OBContext.setOBContext(UserContextCache.getInstance().getCreateOBContext(userId));
+        OBContext.setOBContextInSession(request, OBContext.getOBContext());
 
-    } else {
-      log.debug("WS accessed by unauthenticated user, requesting authentication");
-      // not logged in
-      if (!"false".equals(request.getParameter("auth"))) {
-        response.setHeader("WWW-Authenticate", "Basic realm=\"Openbravo\"");
+        doService(request, response);
+
+      } else {
+        log.debug("WS accessed by unauthenticated user, requesting authentication");
+        // not logged in
+        if (!"false".equals(request.getParameter("auth"))) {
+          response.setHeader("WWW-Authenticate", "Basic realm=\"Openbravo\"");
+        }
+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
       }
-      response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+    } finally {
+      HttpSession session = request.getSession(false);
+      if (session != null) {
+        session.invalidate();
+      }
     }
   }