Masquarade Saml compatibility issue

> In D8, the proposed D7 solution does not get us there.

I think it would because this is the same, except there it's configurable and this is hardcoded which obviously doesn't work as a patch that could be committed.

However, the maintainer in the other issue was against this approach. I'm not 100% sure I get that, though. Wondering about what the use cases are for calling the logout hook. There seem to be very few implements of that out there.

Maybe we could alternatively move $_SESSION['masquerading'] = $account->id(); up so that other modules have a way to detect if it's a real logout or just a masquerading. See also #2124117: Unable to masquerade when logging in via SAML which tries to solve this in simplesamlphp_auth but currently requires an ugly hack to check the caller.

The template reset is IMHO not important, that would only matter if we would render anything in this context, but a) nothing has been rendered yet, so it hasn't been filled yet and b) we're not rendering anything after that.

Discussed with @andypost, he prefers the session-based approach, will also upload a patch to the simplesamlphp_auth issue mentioned above in a minute.

Noticed this doesn't work yet for unmasquerade, might need a similar change for the switch back part.

@Berdir is there a steps to test unmasquerade?

Here is a patch that also switches the order for switchBack(), no additional changes are needed for simplesamlphp_auth.

I bet it need hasSession() on request before removal of flag

For myself to check with https://www.drupal.org/commitlog/commit/2/aaf13e2338771bef7a281fef7a72b3...

@andypost: How is that related to that issue? I'm just moving the existing calls around. Even if there s a problem (which I doubt, because you can't get there without having a session/being logged in), it is not caused by this?

+++ b/src/Masquerade.php
@@ -147,11 +147,14 @@ class Masquerade {
+    // Save previous account ID to session storage, set this before
+    // switching so that other modules can react to it, e.g. during
+    // hook_user_logout().

I think this flag should be differently named, because this session is not really in action, so $this->session->set('masquerade_logout', TRUE) to allow properly react on login/logout

@andypost: Not sure I follow? I'm only changing when the existing flag is set, we can't change the name of that? I could set a *second* additional flag, but not quite sure what the point of that would be? we could set it somewhere else than the session, but that would likely make the code in the simplesamlphp_auth more complex as it would need a module exists check or so.

@andypost any further thoughts on this patch? I'm going to give it a whirl to see if it helps.

Sorry for taking long to review, goona commit because it only rearranges code

Thanks a lot for clean solution!