Skip to content

Symfony 6.4 custom logout "Unable to logout with CSRF token validation" #58311

New issue
New issue
Closed as not planned
Closed as not planned
Symfony 6.4 custom logout "Unable to logout with CSRF token validation"#58311
Labels
BugSecurityStatus: Needs ReviewStatus: Waiting feedback
@valeriy-efimov

Description

@valeriy-efimov
valeriy-efimov
opened on Sep 18, 2024

Symfony version(s) affected

6.4.10

Description

I'm trying to add a custom logout route using the documentation. https://symfony.com/doc/6.4/security.html#logout-programmatically

But i can't logout because faced with error "Unable to logout with CSRF token validation"

I don`t want use $security->logout(false); without CSRF protection

How to reproduce

namespace App\Controller\SecurityController;

use Symfony\Bundle\SecurityBundle\Security;
use Symfony\Component\Routing\Attribute\Route;

class SecurityController
{
    #[Route(path: '/logout', name: 'logout')]
    public function someAction(Security $security): Response
    {
        $response = $security->logout();

        return $this->redirectToRoute('login');  
    }
}

<a href="{{ path('logout', {'token' : csrf_token('logout')}) }}">

Possible Solution

No response

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugSecurityStatus: Needs ReviewStatus: Waiting feedback

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions