If a user logs in with a bad CSRF token, the Warden before_logout hook will be called with no valid user. This would lead to odd Error 500 messages with a backtrace. Addresses part of #50857