Contributed by Wouter De Jong in #36243

A few months ago we started a massive effort to improve the entire Symfony Security component and its integration with the rest of the Symfony framework. We're still working on the biggest changes, but we've already finished some smaller improvements.

The current LogoutListener can be used to run some logic after a user has logged out of the application (e.g. to invalidate some tokens). Although it contains some extension points, it's not very DX-friendly (DX = developer experience) and it makes it impossible to do things like overriding the default logout functionality from a bundle.

In Symfony 5.1 we've improved this feature with the introduction of a new LogoutEvent which replaces the existing LogoutSuccessHandlerInterface and LogoutHandlerInterface.

The new logout event is dispatched on both the global and the firewall dispatcher (whose name follows the pattern security.event_dispatcher.FIREWALLNAME). For example, to register a listener for the logout event only on the main firewall, use this config:

# config/services.yaml
services:
    # ...
    App\EventListener\MyCustomLogoutListener:
        tags:
            - name: 'kernel.event_listener'
              event: 'Symfony\Component\Security\Http\Event\LogoutEvent'
              dispatcher: security.event_dispatcher.main

The Symfony\Component\Security\Http\Event\LogoutEvent object received by the listener contains useful methods such as getToken() (to get the security token of the session), getRequest() and setResponse().
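
As an added example (not code from the Symfony project or from this post), here is a listener that uses all three methods to invalidate tokens on logout; it would be registered with the same kernel.event_listener tag shown in the config above. The class name RevokeTokensOnLogoutListener, the App\Security\ApiTokenRevoker service with its revokeAllFor() method, and the /login path are assumptions made for illustration.

```php
<?php
// src/EventListener/RevokeTokensOnLogoutListener.php (hypothetical class name)

namespace App\EventListener;

use App\Security\ApiTokenRevoker; // hypothetical application service, not part of Symfony
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Event\LogoutEvent;

final class RevokeTokensOnLogoutListener
{
    private $revoker;
    private $logger;

    public function __construct(ApiTokenRevoker $revoker, LoggerInterface $logger)
    {
        $this->revoker = $revoker;
        $this->logger = $logger;
    }

    // With no "method" attribute on the tag, an invokable listener is called via __invoke().
    public function __invoke(LogoutEvent $event): void
    {
        // getToken() returns null when the logout URL is hit without an authenticated session.
        $token = $event->getToken();
        $user = $token ? $token->getUser() : null;

        if ($user instanceof UserInterface) {
            // Assumed to return the number of tokens it invalidated.
            $revoked = $this->revoker->revokeAllFor($user);

            // Record the logout for audit purposes using data from the request.
            $this->logger->info('Logout: API tokens revoked', [
                'revoked' => $revoked,
                'client_ip' => $event->getRequest()->getClientIp(),
            ]);
        }

        // Redirect to a fixed, application-controlled path rather than a URL
        // taken from the request, so logout cannot be used as an open redirect.
        $response = new RedirectResponse('/login');
        $response->headers->set('Cache-Control', 'no-store');
        $event->setResponse($response);
    }
}
```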

Published in #Living on the edge