
New in Symfony 5.1: Simpler logout customization

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Contributed by Wouter De Jong in #36243.

A few months ago we started a massive effort to improve the entire Symfony Security component and its integration with the rest of the Symfony framework. We're still working on the biggest changes, but we've already finished some smaller improvements.

The current LogoutListener can be used to run some logic after a user has logged out of the application (e.g. to invalidate some tokens). Although it contains some extension points, it's not very DX-friendly (DX = developer experience) and it makes it impossible to do things like overwriting the default logout functionality from a bundle.

In Symfony 5.1 we've improved this feature with the introduction of a new LogoutEvent which replaces the existing LogoutSuccessHandlerInterface and LogoutHandlerInterface.

The new logout event is dispatched on both the global and the firewall dispatcher (whose name follows the pattern security.event_dispatcher.FIREWALLNAME). For example, to register a listener for the logout event only on the main firewall, use this config:

# config/services.yaml
services:
    # ...
    App\EventListener\MyCustomLogoutListener:
        tags:
            - name: 'kernel.event_listener'
              event: 'Symfony\Component\Security\Http\Event\LogoutEvent'
              dispatcher: security.event_dispatcher.main

The Symfony\Component\Security\Http\Event\LogoutEvent object received by the listener contains useful methods such as getToken() (to get the security token of the session), getRequest() and setResponse().
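As an added example (not code from the original post or from Symfony itself), here is a listener that uses all three methods: it revokes server-side tokens on logout and returns a JSON response to API clients. The class name ApiLogoutListener, the TokenRevoker interface and the refresh_token cookie name are assumptions made for this illustration; the listener would be registered with the same kernel.event_listener tag shown above.

```php
<?php
// src/EventListener/ApiLogoutListener.php (hypothetical class for this example)
namespace App\EventListener;

use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Security\Http\Event\LogoutEvent;

/** Hypothetical application service that revokes a user's server-side tokens. */
interface TokenRevoker
{
    public function revokeFor(object $user): void;
}

final class ApiLogoutListener
{
    // Assumed cookie name; use whatever your application actually sets.
    private const REFRESH_COOKIE = 'refresh_token';

    private $revoker;

    public function __construct(TokenRevoker $revoker)
    {
        $this->revoker = $revoker;
    }

    // With no "method" attribute on the kernel.event_listener tag, Symfony
    // falls back to __invoke() when no on<EventName>() method exists.
    public function __invoke(LogoutEvent $event): void
    {
        // getToken() may return null (no authenticated token), so guard it.
        $token = $event->getToken();
        $user = null !== $token ? $token->getUser() : null;
        if (\is_object($user)) {
            // Revoke server-side state so leaked tokens stop working after logout.
            $this->revoker->revokeFor($user);
        }

        // Requests that do not ask for JSON are left to the default logout handling.
        $accepts = $event->getRequest()->getAcceptableContentTypes();
        if (!\in_array('application/json', $accepts, true)) {
            return;
        }

        // API clients get JSON; also expire the cookie and forbid caching.
        $response = new JsonResponse(['status' => 'logged_out']);
        $response->headers->clearCookie(self::REFRESH_COOKIE);
        $response->headers->set('Cache-Control', 'no-store');
        $event->setResponse($response);
    }
}
```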


Comments

great
That's nice, but how can I prevent the redirect and get a JSON response after logout (API call)?

And I get an error in UnitTest because of the Request autowire in the constructor of the extended class
