I wrote
public function logout()
{
$result = $this->Authentication->getResult();
// regardless of POST or GET, redirect if user is logged in
if ($result->isValid()) {
$session = $this->request->getSession();
$session->destroy();
$this->Authentication->logout();
return $this->redirect(['controller' => 'Users', 'action' => 'login']);
}
}
I had to guess as where the session destroy belonged. I don’t know if I put it in the right place. Maybe it should come before the if condition? It’s working but I’m not sure it’s correct.