Skip to content

Commit b02d7b3

Browse files
patrickharriscatalyst1monkeyiq
patrickharriscatalyst1
and
monkeyiq
authored
Destroy session cookies on logout (#2278)
* Destroy session cookies on logout * Update ServiceProvider.php * We can use $this->session here The active session is passed to the ctor by Symfony for us. It is not an optional (?) arg so we don't have to deref check. * lint --------- Co-authored-by: monkeyiq <monkeyiq@gmail.com>
1 parent 42eaad2 commit b02d7b3

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

modules/saml/src/Controller/ServiceProvider.php

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -579,6 +579,10 @@ public function singleLogoutService(Request $request, string $sourceId): Respons
579579

580580
$state = $this->authState::loadState($relayState, 'saml:slosent');
581581
$state['saml:sp:LogoutStatus'] = $message->getStatus();
582+
583+
// Destroy session cookies.
584+
$this->session->updateSessionCookies(['expire' => true]);
585+
582586
return $source::completeLogout($state);
583587
} elseif ($message instanceof LogoutRequest) {
584588
Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId);

0 commit comments

Comments
 (0)