[Security] fixes a bug when clearing cookies on logout

1 files changed, 6 insertions, 15 deletions

diff --git a/Http/Logout/CookieClearingLogoutHandler.php b/Http/Logout/CookieClearingLogoutHandler.php
index ea6bff3..91fdc3d 100644
--- a/Http/Logout/CookieClearingLogoutHandler.php
+++ b/Http/Logout/CookieClearingLogoutHandler.php
@@ -22,24 +22,15 @@ use Symfony\Component\HttpFoundation\Request;
  */
 class CookieClearingLogoutHandler implements LogoutHandlerInterface
 {
-    protected $cookieNames;
+    protected $cookies;
 
     /**
      * Constructor
-     * @param array $cookieNames An array of cookie names to unset
+     * @param array $cookies An array of cookie names to unset
      */
-    public function __construct(array $cookieNames)
+    public function __construct(array $cookies)
     {
-        $this->cookieNames = $cookieNames;
-    }
-
-    /**
-     * Returns the names of the cookies to unset
-     * @return array
-     */
-    public function getCookieNames()
-    {
-        return $this->cookieNames;
+        $this->cookies = $cookies;
     }
 
     /**
@@ -52,8 +43,8 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
      */
     public function logout(Request $request, Response $response, TokenInterface $token)
     {
-        foreach ($this->cookieNames as $cookieName) {
-            $response->headers->clearCookie($cookieName);
+        foreach ($this->cookies as $cookieName => $cookieData) {
+            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
         }
     }
 }