diff --git a/server/impl/src/main/java/com/walmartlabs/concord/server/security/rememberme/ConcordRememberMeManager.java b/server/impl/src/main/java/com/walmartlabs/concord/server/security/rememberme/ConcordRememberMeManager.java
index 76bc050e32..d081c669a6 100644
--- a/server/impl/src/main/java/com/walmartlabs/concord/server/security/rememberme/ConcordRememberMeManager.java
+++ b/server/impl/src/main/java/com/walmartlabs/concord/server/security/rememberme/ConcordRememberMeManager.java
@@ -35,7 +35,9 @@
 import javax.inject.Inject;
 import javax.inject.Named;
 import javax.servlet.http.HttpServletRequest;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.Optional;
 import java.util.stream.Stream;
 
 /**
@@ -84,12 +86,14 @@ protected void forgetIdentity(Subject subject) {
         }
 
         // delete the "remember me" cookie only if it is present
-        HttpServletRequest request = WebUtils.getHttpRequest(subject);
+        var request = WebUtils.getHttpRequest(subject);
         var rememberMeCookieName = getCookie().getName();
-        if (Stream.of(request.getCookies())
-                .anyMatch(cookie -> cookie.getName().equals(rememberMeCookieName))) {
-            super.forgetIdentity(subject);
-        }
+
+        Optional.ofNullable(request.getCookies()).stream()
+                .flatMap(Arrays::stream)
+                .filter(cookie -> cookie.getName().equals(rememberMeCookieName))
+                .findFirst()
+                .ifPresent(cookie -> super.forgetIdentity(subject));
     }
 
     private static class PrincipalCollectionSerializer implements Serializer<PrincipalCollection> {