bug symfony#61614 [SecurityBundle] Prevent accessing the tracked token storage when collecting data (MatTheCat)

nicolas-grekas · nicolas-grekas · commit 1ff83e054812 · 2025-09-03T16:03:07.000+02:00
This PR was merged into the 6.4 branch. Discussion ---------- [SecurityBundle] Prevent accessing the tracked token storage when collecting data | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix symfony#61525 | License | MIT Commits ------- a27ba98 [SecurityBundle] Prevent accessing the tracked token storage when collecting data
diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -106,10 +106,12 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
             }
 
             $logoutUrl = null;
-            try {
-                $logoutUrl = $this->logoutUrlGenerator?->getLogoutPath();
-            } catch (\Exception) {
-                // fail silently when the logout URL cannot be generated
+            if ($this->logoutUrlGenerator && method_exists($token, 'getFirewallName')) {
+                try {
+                    $logoutUrl = $this->logoutUrlGenerator->getLogoutPath($token->getFirewallName());
+                } catch (\Exception) {
+                    // fail silently when the logout URL cannot be generated
+                }
             }
 
             $this->data = [
