public function logout(Request $request)
{
$response = new Response();
// Manually clear the session through session storage.
// Session::invalidate() is not called on purpose, to avoid unwanted session migration that would imply
// generation of a new session id.
// REST logout must indeed clear the session cookie.
// See \eZ\Publish\Core\REST\Server\Security\RestLogoutHandler
$this->sessionStorage->clear();
$token = $this->tokenStorage->getToken();
foreach ($this->logoutHandlers as $handler) {
// Explicitly ignore SessionLogoutHandler as we do session invalidation manually here,
// through the session storage, to avoid unwanted session migration.
if ($handler instanceof SessionLogoutHandler) {
continue;
}
$handler->logout($request, $response, $token);
}
return $response;
}