## Project

User Logout Token
https://www.drupal.org/project/logout_token

## Description

This module provides a simple REST endpoint (/session/logout/token)
that allows developers to retrieve the CSRF logout token during
active user sessions.

In Drupal core, the logout token is only provided during the
initial login response. If a user resets their password, the
logout token gets regenerated, making it impossible to perform
a proper logout via REST. This module solves that by providing
a dedicated endpoint to fetch the current logout token at any
time during the session.

The module is useful for decoupled/headless Drupal architectures
where frontend applications need to handle secure logout operations.

## How it differs from similar projects

- No similar module exists on drupal.org that provides this
specific functionality
- Solves a known limitation in Drupal core's REST logout flow

## Security considerations

- Endpoint is protected by Drupal core's _user_is_logged_in
access check; anonymous users cannot access it
- Uses Drupal core's CsrfTokenGenerator service for token
generation (same as core's login controller)
- Uses Drupal core's RouteProviderInterface to resolve the
logout route path
- No direct database queries
- No raw user input processing
- No file operations, no external HTTP requests
- No use of eval(), unserialize(), or other risky functions
- Minimal codebase: single controller with proper dependency
injection

## Other projects maintained

- Views REST Export Field Grouping:
https://www.drupal.org/project/views_rest_field_grouping

Comments

sraseef created an issue. See original summary.

vishal.kadam’s picture

vishal.kadam
Location Mumbai
commented
Issue summary: View changes
Status: Needs review » Closed (duplicate)
Related issues: +#3579910: [1.0.x] Views REST Export Field Grouping

It appears there are multiple project applications created using your account.

Since a successful completion of the project application process results in the applicant being granted the necessary role to be able to opt projects into security advisory coverage, there is no need to take multiple applications through the process. Once the first application has been successfully approved, the applicant can promote other projects without review. Because of this, posting multiple applications is not necessary, and results in additional workload for reviewers, which in turn results in longer wait times for everyone in the queue.

With this in mind, your secondary applications have been marked as Closed (duplicate), with only one application left open. If, in the existing application you were asked to apply with a different project, please edit the issue summary of that application to change the project description and the project link.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.