SAML: fix Laravel session behavior for SAML SignedOut event

PatBriPerso · PatBriPerso · commit 509b31ca9da3 · 2025-05-15T11:59:00.000+02:00
diff --git a/app/Listeners/SamlEventSubscriber.php b/app/Listeners/SamlEventSubscriber.php
@@ -75,8 +75,10 @@ public function handleSignedOut(SignedOut $event): void
         $debug = config('app.debug');
         if ($debug) Log::debug('[SAML2 Authentication] handleSignedOut begins');
 
+        // See LoginController::logout
         Auth::logout();
-        Session::save();
+        Session::invalidate();
+        Session::regenerateToken();
 
         if ($debug) Log::debug('[SAML2 Authentication] handleSignedOut ends');
     }
