From a27ba9824a7b68d9af8a0c9dccab6b2c5d8c0401 Mon Sep 17 00:00:00 2001
From: matlec <mathieu.lechat@sensiolabs.com>
Date: Wed, 3 Sep 2025 14:44:32 +0200
Subject: [PATCH] [SecurityBundle] Prevent accessing the tracked token storage
 when collecting data

---
 .../DataCollector/SecurityDataCollector.php            | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
index 85043db542776..0e1528ec3eab8 100644
--- a/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+++ b/src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
@@ -106,10 +106,12 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
             }
 
             $logoutUrl = null;
-            try {
-                $logoutUrl = $this->logoutUrlGenerator?->getLogoutPath();
-            } catch (\Exception) {
-                // fail silently when the logout URL cannot be generated
+            if ($this->logoutUrlGenerator && method_exists($token, 'getFirewallName')) {
+                try {
+                    $logoutUrl = $this->logoutUrlGenerator->getLogoutPath($token->getFirewallName());
+                } catch (\Exception) {
+                    // fail silently when the logout URL cannot be generated
+                }
             }
 
             $this->data = [