Closed
Symfony version(s) affected
6.1
Description
When I need to programmatically log out a user from a controller I use:
setToken(null)
from this interface: Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface
This logs a user out correctly only if the remember-me feature is not active and the REMEMBERME token is not set.
If a user is logged in via the remember-me feature, logout doesn't happen.
I think this can be considered a bug, unless there are 2 different ways of logging out a user based on the type of login: regular or with remember-me. But in any case, there should be a single way to log out a user regardless of the type of login used.
How to reproduce
Something like this in a controller:
```php
<?php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class ReproduceBugController extends AbstractController
{
    #[Route('/reproduce/bug', name: 'app_reproduce_bug')]
    public function index(TokenStorageInterface $tokenStorage): Response
    {
        // Clear the security token to log the user out programmatically
        $tokenStorage->setToken(null);

        return $this->redirectToRoute('app_reproduce_bug');
    }
}
```
Possible Solution
No response
Additional Context
No response
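For comparison with the reproduction above, a controller that ends every part of the authenticated state (token, session and remember-me cookie) in one request. This is an added example, not code from the issue or from the Symfony project. It assumes the default remember-me cookie settings (name REMEMBERME, path `/`, no domain) and signature-based remember-me with no persistent token provider; the class and route names are hypothetical.

```php
<?php
// Added example, not from the issue. Class and route names are hypothetical.
// Assumes default remember_me cookie settings: name REMEMBERME, path "/", no domain.

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Http\RememberMe\ResponseListener;

class ForceLogoutController extends AbstractController
{
    #[Route('/force-logout', name: 'app_force_logout')]
    public function index(Request $request, TokenStorageInterface $tokenStorage): Response
    {
        // 1. Drop the token held for the current request.
        $tokenStorage->setToken(null);

        // 2. Destroy the session so the stored token cannot be reloaded from it.
        if ($request->hasSession()) {
            $request->getSession()->invalidate();
        }

        // 3. If this request was itself authenticated from the remember-me cookie,
        //    a refreshed cookie is queued on the request; discard it so it does
        //    not overwrite the expiry set in step 4.
        $request->attributes->remove(ResponseListener::COOKIE_ATTR_NAME);

        // 4. Expire the remember-me cookie in the browser. Name, path and domain
        //    must match the firewall's remember_me configuration (assumed defaults).
        $response = $this->redirectToRoute('app_home'); // hypothetical target route
        $response->headers->clearCookie('REMEMBERME', '/', null);

        return $response;
    }
}
```

With a persistent `token_provider` configured, the stored token series would also need to be deleted server-side; that case is outside this example.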