Closed
Description
# Symfony/Component/Security/Http/Firewall/LogoutListener.php
// handle multiple logout attempts gracefully
if ($token = $this->securityContext->getToken()) {
foreach ($this->handlers as $handler) {
$handler->logout($request, $response, $token);
}
}
$token is null when stateless is true because ContextListener will not be added to listeners.
# Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
// Context serializer listener
if (false === $firewall['stateless']) {
$contextKey = $id;
if (isset($firewall['context'])) {
$contextKey = $firewall['context'];
}
$listeners[] = new Reference($this->createContextListener($container, $contextKey));
}
Is this a desirable behavior?
Metadata
Metadata
Assignees
Labels
No labels