diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 70087e5302e..b80e42359dd 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -25,6 +25,7 @@ require_relative '../route_matcher'
 class Auth::DefaultCurrentUserProvider
   CURRENT_USER_KEY ||= "_DISCOURSE_CURRENT_USER"
+  USER_TOKEN_KEY ||= "_DISCOURSE_USER_TOKEN"
   API_KEY ||= "api_key"
   API_USERNAME ||= "api_username"
   HEADER_API_KEY ||= "HTTP_API_KEY"
@@ -102,6 +103,7 @@ class Auth::DefaultCurrentUserProvider
   def initialize(env)
     @env = env
     @request = Rack::Request.new(env)
+    @user_token = env[USER_TOKEN_KEY]
   end
   # our current user, return nil if none is found
@@ -139,7 +141,7 @@ class Auth::DefaultCurrentUserProvider
         limiter = RateLimiter.new(nil, "cookie_auth_#{request.ip}", COOKIE_ATTEMPTS_PER_MIN , 60)
         if limiter.can_perform?
-          @user_token = begin
+          @env[USER_TOKEN_KEY] = @user_token = begin
             UserAuthToken.lookup(
               auth_token,
               seen: true,
@@ -263,7 +265,7 @@ class Auth::DefaultCurrentUserProvider
   end
   def log_on_user(user, session, cookie_jar, opts = {})
-    @user_token = UserAuthToken.generate!(
+    @env[USER_TOKEN_KEY] = @user_token = UserAuthToken.generate!(
       user_id: user.id,
       user_agent: @env['HTTP_USER_AGENT'],
       path: @env['REQUEST_PATH'],
diff --git a/spec/lib/auth/default_current_user_provider_spec.rb b/spec/lib/auth/default_current_user_provider_spec.rb
index cf8052ebd06..e3e93ee7489 100644
--- a/spec/lib/auth/default_current_user_provider_spec.rb
+++ b/spec/lib/auth/default_current_user_provider_spec.rb
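Review bot: The new line in `initialize` makes the provider trust whatever object sits under `_DISCOURSE_USER_TOKEN` in the Rack env, and nothing in the hunk says where that object is allowed to come from. A client cannot plant it (Rack maps request headers to `HTTP_*` keys, and this key carries no such prefix), but any middleware running earlier in the request can, so the trust boundary deserves a comment next to the assignment: `# UserAuthToken cached by an earlier provider instance in this request (set in current_user / log_on_user); not client-settable, Rack prefixes request headers with HTTP_`. The rest of the class, including `current_user`, is outside this hunk.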
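Review bot: Once `log_on_user` publishes the freshly generated token into `@env[USER_TOKEN_KEY]`, every provider instance built from this env for the rest of the request will pick it up in `initialize`, so the inverse operation has to retract it as well. `log_off_user` is not in the hunk and I cannot see whether it already does this; if it only destroys `@user_token`, a later instance in the same request would still be seeded with a destroyed token object, and the env should be cleared alongside the destroy, e.g. `@env.delete(USER_TOKEN_KEY)` next to wherever `CURRENT_USER_KEY` is reset. A short comment on the assignment, `# cache the token on the env so other provider instances in this request (e.g. log_off_user) can reach it`, would also explain the unusual chained assignment. The `generate!` call continues past the end of the hunk.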
@@ -779,4 +779,21 @@ describe Auth::DefaultCurrentUserProvider do
     expect(provider2.current_user).to eq(user)
     expect(provider2.cookie_jar.encrypted["_t"].keys).to include("user_id", "token") # (strings)
   end
+
+  describe "#log_off_user" do
+    it "should work when the current user was cached by a different provider instance" do
+      user_provider = provider('/')
+      user_provider.log_on_user(user, {}, user_provider.cookie_jar)
+      cookie = CGI.escape(user_provider.cookie_jar["_t"])
+      env = create_request_env(path: "/").merge({ method: "GET", "HTTP_COOKIE" => "_t=#{cookie}" })
+
+      user_provider = TestProvider.new(env)
+      expect(user_provider.current_user).to eq(user)
+      expect(UserAuthToken.find_by(user_id: user.id)).to be_present
+
+      user_provider = TestProvider.new(env)
+      user_provider.log_off_user({}, user_provider.cookie_jar)
+      expect(UserAuthToken.find_by(user_id: user.id)).to be_nil
+    end
+  end
 end
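Review bot: The new example only proves the token row is gone from the database; it does not check that the request-scoped cache the commit introduces is invalidated, which is the part that matters for a logout within the same request. Since `env` is reused across the three provider instances, a fourth instance built after `log_off_user` would still see whatever `_DISCOURSE_CURRENT_USER` and `_DISCOURSE_USER_TOKEN` hold, so I would add `expect(TestProvider.new(env).current_user).to be_nil` as the final assertion, assuming `log_off_user` is meant to clear those keys. The example name is also vague; something like `it "destroys the token when it was cached on the env by another provider instance"` states the behaviour under test.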