If you look in the ClientLoginModule.logout method, if restoreloginidentity is true, it pops the subject context from the stack. After that, it removes the last principal from the subject.getPrincipals() set.
A problem can occur when the same principal logs in more than once in a row and then one logs out. Since it is a Set, each principal can appear only once no matter how many times they log in. Here is the sequence:
1. login user "a"; principals set contains one principal ("a").
2. login user "a" again; principals set contains one principal ("a").
3. logout user "a"; the first user "a" is restored but principals set is empty.
Same problem occurs if we login user "a", then "b" and then "a" again.
I have not personally seen an error come up in my system due to this however it seems to me like there are two possibilities here: either is makes no difference what is in the principal set or some code depending on this will have a problem when it turns out that user "a" is currently logged in but the principals set is empty.