diff --git a/dlls/secur32/dispatcher.c b/dlls/secur32/dispatcher.c
index b7b9f9d23f9..c150a142ca8 100644
--- a/dlls/secur32/dispatcher.c
+++ b/dlls/secur32/dispatcher.c
@@ -258,7 +258,6 @@ void cleanup_helper(PNegoHelper helper)
         return;
 
     HeapFree(GetProcessHeap(), 0, helper->com_buf);
-    HeapFree(GetProcessHeap(), 0, helper->session_key);
 
     /* closing stdin will terminate ntlm_auth */
     close(helper->pipe_out);
diff --git a/dlls/secur32/ntlm.c b/dlls/secur32/ntlm.c
index 8cc206df8c4..2b3c02d00f0 100644
--- a/dlls/secur32/ntlm.c
+++ b/dlls/secur32/ntlm.c
@@ -690,8 +690,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_InitializeSecurityContextW(
             }
             TRACE("Session key is %s\n", debugstr_a(buffer+3));
             helper->valid_session_key = TRUE;
-            if(!helper->session_key)
-                helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
+            helper->session_key = HeapAlloc(GetProcessHeap(), 0, bin_len);
             if(!helper->session_key)
             {
                 TRACE("Failed to allocate memory for session key\n");
@@ -1036,8 +1035,7 @@ static SECURITY_STATUS SEC_ENTRY ntlm_AcceptSecurityContext(
                 }
                 TRACE("Session key is %s\n", debugstr_a(buffer+3));
                 helper->valid_session_key = TRUE;
-                if(!helper->session_key)
-                    helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
+                helper->session_key = HeapAlloc(GetProcessHeap(), 0, 16);
                 if(!helper->session_key)
                 {
                     TRACE("Failed to allocate memory for session key\n");
@@ -1081,20 +1079,22 @@ static SECURITY_STATUS SEC_ENTRY ntlm_CompleteAuthToken(PCtxtHandle phContext,
  */
 static SECURITY_STATUS SEC_ENTRY ntlm_DeleteSecurityContext(PCtxtHandle phContext)
 {
-    SECURITY_STATUS ret;
+    PNegoHelper helper;
 
     TRACE("%p\n", phContext);
-    if (phContext)
-    {
-        phContext->dwUpper = 0;
-        phContext->dwLower = 0;
-        ret = SEC_E_OK;
-    }
-    else
-    {
-        ret = SEC_E_INVALID_HANDLE;
-    }
-    return ret;
+    if (!phContext)
+        return SEC_E_INVALID_HANDLE;
+
+    helper = (PNegoHelper)phContext->dwLower;
+
+    phContext->dwUpper = 0;
+    phContext->dwLower = 0;
+
+    SECUR32_arc4Cleanup(helper->crypt.ntlm.a4i);
+    HeapFree(GetProcessHeap(), 0, helper->session_key);
+    helper->valid_session_key = FALSE;
+
+    return SEC_E_OK;
 }
 
 /***********************************************************************
diff --git a/dlls/secur32/secur32_priv.h b/dlls/secur32/secur32_priv.h
index d2002fdf268..8a6a290cc22 100644
--- a/dlls/secur32/secur32_priv.h
+++ b/dlls/secur32/secur32_priv.h
@@ -139,6 +139,7 @@ SECURITY_STATUS SECUR32_CreateNTLMv1SessionKey(PBYTE password, int len, PBYTE se
 arc4_info *SECUR32_arc4Alloc(void);
 void SECUR32_arc4Init(arc4_info *a4i, const BYTE *key, unsigned int keyLen);
 void SECUR32_arc4Process(arc4_info *a4i, BYTE *inoutString, unsigned int length);
+void SECUR32_arc4Cleanup(arc4_info *a4i);
 
 /* NTLMSSP flags indicating the negotiated features */
 #define NTLMSSP_NEGOTIATE_UNICODE                   0x00000001