public function testCsrfTokensAreClearedOnLogout() { $client =
$this->
createClient(['test_case' => 'LogoutWithoutSessionInvalidation', 'root_config' => 'config.yml'
]);
$client->
disableReboot();
$client->
request('POST', '/login',
[ '_username' => 'johannes',
'_password' => 'test',
]);
$this->
callInRequestContext($client,
function D
) { static::
getContainer()->
get('security.csrf.token_storage'
)->
setToken('foo', 'bar'
);
});
$client->
request('GET', '/logout'
);
$this->
callInRequestContext($client,
function D
) { $this->
assertFalse(static::
getContainer()->
get('security.csrf.token_storage'
)->
hasToken('foo'
));
});
} public function testAccessControlDoesNotApplyOnLogout() {