public function logout(Request $request) { $response = new Response(); // Manually clear the session through session storage. // Session::invalidate() is not called on purpose, to avoid unwanted session migration that would imply // generation of a new session id. // REST logout must indeed clear the session cookie. // See \eZ\Publish\Core\REST\Server\Security\RestLogoutHandler $this->sessionStorage->clear(); $token = $this->tokenStorage->getToken(); foreach ($this->logoutHandlers as $handler) { // Explicitly ignore SessionLogoutHandler as we do session invalidation manually here, // through the session storage, to avoid unwanted session migration. if ($handler instanceof SessionLogoutHandler) { continue; } $handler->logout($request, $response, $token); } return $response; }
/** * Clear all session data in memory. */ public function clear() { $this->innerSessionStorage->clear(); }
/** * {@inheritdoc} */ public function invalidate($lifetime = null) { $this->storage->clear(); return $this->migrate(true, $lifetime); }
/** * {@inheritdoc} */ public function invalidate() { $this->storage->clear(); return $this->storage->regenerate(true); }
/** * @inheritdoc */ public function clear() { $this->replaceSessionId(); return $this->decorated->clear(); }