
[Security] fixes a bug when clearing cookies on logout

Johannes M. Schmitt il y a 14 ans
Parent
commit
44b89e5ac3

+ 6 - 15
src/Symfony/Component/Security/Http/Logout/CookieClearingLogoutHandler.php

@@ -22,24 +22,15 @@ use Symfony\Component\HttpFoundation\Request;
  */
 class CookieClearingLogoutHandler implements LogoutHandlerInterface
 {
-    protected $cookieNames;
+    protected $cookies;
 
     /**
      * Constructor
-     * @param array $cookieNames An array of cookie names to unset
+     * @param array $cookies An array of cookie names to unset
      */
-    public function __construct(array $cookieNames)
+    public function __construct(array $cookies)
     {
-        $this->cookieNames = $cookieNames;
-    }
-
-    /**
-     * Returns the names of the cookies to unset
-     * @return array
-     */
-    public function getCookieNames()
-    {
-        return $this->cookieNames;
+        $this->cookies = $cookies;
     }
 
     /**
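Review bot: The `@param` line in the constructor docblock still reads "An array of cookie names to unset", but `$cookies` is now keyed by cookie name, with each value holding `path` and `domain`, as the `logout()` loop in the next hunk shows. I would change it to `@param array $cookies An array of cookie names (as keys) mapped to arrays with 'path' and 'domain' entries`. The public `getCookieNames()` is also removed without a replacement, so any external caller of that getter would break. The class body continues outside this hunk.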
@@ -52,8 +43,8 @@ class CookieClearingLogoutHandler implements LogoutHandlerInterface
      */
     public function logout(Request $request, Response $response, TokenInterface $token)
     {
-        foreach ($this->cookieNames as $cookieName) {
-            $response->headers->clearCookie($cookieName);
+        foreach ($this->cookies as $cookieName => $cookieData) {
+            $response->headers->clearCookie($cookieName, $cookieData['path'], $cookieData['domain']);
         }
     }
 }
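Review bot: `$cookieData['path']` and `$cookieData['domain']` in the new `foreach` are read without checking that each entry is an array carrying both keys. If a caller still passes the old list form (`array('foo', 'foo2')`), the loop would use the numeric index as the cookie name, and the cookies meant to be cleared would survive logout, probably with nothing louder than a notice. Rejecting malformed entries in the constructor would make that failure visible. At minimum, read the keys defensively with `$path = isset($cookieData['path']) ? $cookieData['path'] : null;` and the same for `domain`. The enclosing class starts outside this hunk.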

+ 5 - 10
tests/Symfony/Tests/Component/Security/Http/Logout/CookieClearingLogoutHandlerTest.php

@@ -17,22 +17,13 @@ use Symfony\Component\Security\Http\Logout\CookieClearingLogoutHandler;
 
 class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
 {
-    public function testConstructor()
-    {
-        $cookieNames = array('foo', 'foo2', 'foo3');
-
-        $handler = new CookieClearingLogoutHandler($cookieNames);
-
-        $this->assertEquals($cookieNames, $handler->getCookieNames());
-    }
-
     public function testLogout()
     {
         $request = new Request();
         $response = new Response();
         $token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
 
-        $handler = new CookieClearingLogoutHandler(array('foo', 'foo2'));
+        $handler = new CookieClearingLogoutHandler(array('foo' => array('path' => '/foo', 'domain' => 'foo.foo'), 'foo2' => array('path' => null, 'domain' => null)));
 
         $this->assertFalse($response->headers->hasCookie('foo'));
 
@@ -43,10 +34,14 @@ class CookieClearingLogoutHandlerTest extends \PHPUnit_Framework_TestCase
 
         $cookie = $cookies['foo'];
         $this->assertEquals('foo', $cookie->getName());
+        $this->assertEquals('/foo', $cookie->getPath());
+        $this->assertEquals('foo.foo', $cookie->getDomain());
         $this->assertTrue($cookie->isCleared());
 
         $cookie = $cookies['foo2'];
         $this->assertStringStartsWith('foo2', $cookie->getName());
+        $this->assertNull($cookie->getPath());
+        $this->assertNull($cookie->getDomain());
         $this->assertTrue($cookie->isCleared());
     }
 }
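Review bot: The new assertions cover only well-formed entries. There is no case for an entry that lacks `path` or `domain`, or for the previous list-of-names input, so the handler's behaviour on malformed configuration is unpinned. A second test that constructs the handler with `array('foo' => array())` and asserts either an exception or a cleared cookie named `foo` would fix the contract. `testLogout()` starts in the previous hunk.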