T25227: Use token when logging out improved the security of the user logout action. Previously, any GET request sent to the Special:UserLogout page triggered the logout action. That was an issue because an attacker could easily plant HTML that would log the user out of Wikimedia. Now every request to Special:UserLogout needs the logoutToken calculated by the system.
Otherwise the system presents an intermediate step: it asks for confirmation before logging the user out.
To avoid the intermediate state, please pass the logoutToken param with the logout link.
- Verify that logging out doesn't show an intermediate state.
This can be achieved by passing the param:
'logoutToken' => $this->user->getEditToken( 'logoutToken', $this->request )
to the $authLinksQuery in the AuthMenuEntry::buildComponentsForLoggedIn() method.
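
The behaviour described above, sketched as an added example that is not MediaWiki code or part of the original task: a logout link carrying a valid logoutToken logs out directly, while a request without one (or with a wrong one) falls back to the confirmation step. The function names, the HMAC-based token and the `/index.php` base path are assumptions made for illustration; MediaWiki's own token generation differs.

```php
<?php
// Simplified stand-in for a session-bound token; NOT MediaWiki's token code.
// $sessionSecret is a constructed per-session random value kept server-side.

function makeLogoutToken(string $sessionSecret): string {
    // Bind the token to its purpose so a token issued for another
    // action cannot be reused for logout.
    return hash_hmac('sha256', 'logoutToken', $sessionSecret);
}

// Hypothetical helper: builds the logout link with the token attached,
// the same idea as adding 'logoutToken' to $authLinksQuery.
function buildLogoutUrl(string $baseUrl, string $sessionSecret): string {
    return $baseUrl . '?' . http_build_query([
        'title' => 'Special:UserLogout',
        'logoutToken' => makeLogoutToken($sessionSecret),
    ]);
}

// Decide what a request to the logout page does.
// Returns 'logged-out' or 'confirm' (the intermediate step).
function handleLogoutRequest(array $query, string $sessionSecret): string {
    $supplied = $query['logoutToken'] ?? '';
    if (is_string($supplied) && $supplied !== ''
        && hash_equals(makeLogoutToken($sessionSecret), $supplied)) {
        return 'logged-out';
    }
    // Missing or wrong token: a cross-site GET ends up here, so the
    // user is asked to confirm instead of being logged out silently.
    return 'confirm';
}

// Constructed sample data.
$secret = bin2hex(random_bytes(16));
$url = buildLogoutUrl('/index.php', $secret);
parse_str(parse_url($url, PHP_URL_QUERY), $fromLink);

// Request made by following the link that carries the token.
echo handleLogoutRequest($fromLink, $secret), "\n";
// Bare GET with no token, as an embedded third-party page would send.
echo handleLogoutRequest(['title' => 'Special:UserLogout'], $secret), "\n";
// Request with a guessed token.
echo handleLogoutRequest(['logoutToken' => str_repeat('0', 64)], $secret), "\n";
```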