Skip to content

Commit 1ea495c

Browse files
committed
fix: add X-User-Id header to logout response before clearing the user session
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
1 parent 62ad08f commit 1ea495c

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

core/Controller/LoginController.php

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -75,15 +75,16 @@ public function __construct(
7575
#[FrontpageRoute(verb: 'GET', url: '/logout')]
7676
public function logout() {
7777
$loginToken = $this->request->getCookie('nc_token');
78+
$uid = $this->userSession->getUser()->getUID();
7879
if (!is_null($loginToken)) {
79-
$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
80+
$this->config->deleteUserValue($uid, 'login_token', $loginToken);
8081
}
8182
$this->userSession->logout();
8283

8384
$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
8485
'core.login.showLoginForm',
8586
['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
86-
));
87+
), Http::STATUS_SEE_OTHER, ['X-User-Id' => $uid]);
8788

8889
$this->session->set('clearingExecutionContexts', '1');
8990
$this->session->close();

0 commit comments

Comments
 (0)