approach depended on having an $item, which is not the case on all pages (eg: tag pages). Also, check the CSRF in the logout controller, else you can use the logout link as a blind forwarder.