fixed session logout handler when a firewall is stateless

doc/changelog.rst

@@ -4,7 +4,7 @@ Changelog
 1.3.1 (2015-XX-XX)
 ------------------
 
-* n/a
+* fixed session logout handler when a firewall is stateless
 
 1.3.0 (2015-06-05)
 ------------------

doc/providers/security.rst

@@ -300,7 +300,7 @@ pattern::
         'secured' => array(
             'pattern' => '^/admin/',
             'form' => array('login_path' => '/login', 'check_path' => '/admin/login_check'),
-            'logout' => array('logout_path' => '/admin/logout'),
+            'logout' => array('logout_path' => '/admin/logout', 'invalidate_session' => true),
 
             // ...
         ),

src/Silex/Provider/SecurityServiceProvider.php

@@ -243,6 +243,8 @@ class SecurityServiceProvider implements ServiceProviderInterface
                             throw new \LogicException(sprintf('The "%s" authentication entry is not registered.', $type));
                         }
 
+                        $options['stateless'] = $stateless;
+
                         list($providerId, $listenerId, $entryPointId, $position) = $app['security.authentication_listener.factory.'.$type]($name, $options);
 
                         if (null !== $entryPointId) {
@@ -511,7 +513,7 @@ class SecurityServiceProvider implements ServiceProviderInterface
                 );
 
                 $invalidateSession = isset($options['invalidate_session']) ? $options['invalidate_session'] : true;
-                if (true === $invalidateSession) {
+                if (true === $invalidateSession && false === $options['stateless']) {
                     $listener->addHandler(new SessionLogoutHandler());
                 }