From 62974d3fd89ad6c6d69fb817a0e9786e2789be4c Mon Sep 17 00:00:00 2001
From: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
Date: Wed, 4 Feb 2026 16:43:32 +0100
Subject: [PATCH] fix: add X-User-Id header to logout response before clearing
 the user session

Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
---
 core/Controller/LoginController.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index a433c3073b409..cbff4ec68be35 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -75,15 +75,16 @@ public function __construct(
 	#[FrontpageRoute(verb: 'GET', url: '/logout')]
 	public function logout() {
 		$loginToken = $this->request->getCookie('nc_token');
+		$uid = $this->userSession->getUser()->getUID();
 		if (!is_null($loginToken)) {
-			$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
+			$this->config->deleteUserValue($uid, 'login_token', $loginToken);
 		}
 		$this->userSession->logout();
 
 		$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
 			'core.login.showLoginForm',
 			['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
-		));
+		), Http::STATUS_SEE_OTHER, ['X-User-Id' => $uid]);
 
 		$this->session->set('clearingExecutionContexts', '1');
 		$this->session->close();