public function logout(Request $request)
{
$response = new Response();
// Manually clear the session through session storage.
// Session::invalidate() is not called on purpose, to avoid unwanted session migration that would imply
// generation of a new session id.
// REST logout must indeed clear the session cookie.
// See \eZ\Publish\Core\REST\Server\Security\RestLogoutHandler
$this->sessionStorage->clear();
$token = $this->tokenStorage->getToken();
foreach ($this->logoutHandlers as $handler) {
// Explicitly ignore SessionLogoutHandler as we do session invalidation manually here,
// through the session storage, to avoid unwanted session migration.
if ($handler instanceof SessionLogoutHandler) {
continue;
}
$handler->logout($request, $response, $token);
}
return $response;
}
/**
* Clear all session data in memory.
*/
public function clear()
{
$this->innerSessionStorage->clear();
}
/**
* {@inheritdoc}
*/
public function invalidate($lifetime = null)
{
$this->storage->clear();
return $this->migrate(true, $lifetime);
}
/**
* {@inheritdoc}
*/
public function invalidate()
{
$this->storage->clear();
return $this->storage->regenerate(true);
}
/**
* @inheritdoc
*/
public function clear()
{
$this->replaceSessionId();
return $this->decorated->clear();
}
