Problem/Motivation
The changes made in issue https://www.drupal.org/project/drupal/issues/144538 do not work quite correctly.
When creating a logout link, the token parameter is always outdated. Even if it is changed from the default using $this->csrfToken->get('user/logout'), in $this->csrfToken->validate($request->query->get('token', ''), $path) we always get false because $seed = $this->sessionMetadata->getCsrfTokenSeed() constantly returns different values for every request, and at the time of checking, the token from the link is already out of date. We always get a confirmation form to log out.
Steps to reproduce
Use the debugger to check the $seed values from CsrfAccessCheck->access (line 65) and CsrfTokenGenerator->validate ($seed from line 85) on multiple page reloads. For example, this can be done by clicking the logout button on the main page.
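
The failure described above, reproduced in a simplified model as an added example (not Drupal's code and not part of the original report): a token derived from a per-session seed validates only if the same seed is read back on the request that checks it. SeedTokenModel, its methods, the HMAC construction, the session id and the key are assumptions made for illustration.

```php
<?php
// Simplified model of a seed-bound CSRF token. All names here are
// hypothetical; this is not Drupal's CsrfTokenGenerator.

final class SeedTokenModel {
  /** @var array<string, string> Constructed in-memory stand-in for session storage. */
  private array $sessions = [];

  public function __construct(
    private string $privateKey,
    private bool $persistSeed
  ) {}

  // Return the seed for a session, generating one when none is stored.
  // With $persistSeed = false the new seed is never written back, so every
  // call (every "request") sees a different seed.
  private function seed(string $sessionId): string {
    if (isset($this->sessions[$sessionId])) {
      return $this->sessions[$sessionId];
    }
    $seed = bin2hex(random_bytes(16));
    if ($this->persistSeed) {
      $this->sessions[$sessionId] = $seed;
    }
    return $seed;
  }

  // Token = HMAC over the value (the path), keyed with seed + private key.
  public function get(string $sessionId, string $value): string {
    return hash_hmac('sha256', $value, $this->seed($sessionId) . $this->privateKey);
  }

  // Recompute the token from the current seed and compare in constant time.
  public function validate(string $sessionId, string $token, string $value): bool {
    $expected = hash_hmac('sha256', $value, $this->seed($sessionId) . $this->privateKey);
    return hash_equals($expected, $token);
  }
}

foreach ([true, false] as $persist) {
  $model = new SeedTokenModel('constructed-private-key', $persist);
  // Request 1 renders the logout link; request 2 is the click on it.
  $token = $model->get('session-a', 'user/logout');
  $ok = $model->validate('session-a', $token, 'user/logout');
  printf("seed persisted: %s, token valid on next request: %s\n",
    var_export($persist, true), var_export($ok, true));
}
```

Comparing the seed observed when the link is built with the seed observed when the token is checked, as the reproduction steps do in the debugger, is the same comparison this model makes.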