A lot has changed in 5.1/5.1.1, but the changes I’m seeing in WordPress core wouldn’t cause 302 redirects on their own.
1. wp_logout
is pluggable
wp_logout
is a pluggable function. That means anyone can override this function and cause it to do something different because the function is wrapped in a condition checking for other functions with the same name. Here’s the contents of wp_logout
:
if ( ! function_exists( 'wp_logout' ) ) :
wp_destroy_current_session();
wp_clear_auth_cookie();
/**
* Fires after a user is logged-out.
*
* @since 1.5.0
*/
do_action( 'wp_logout' );
endif;
2. wp_logout
calls a do_action
hook
The last part of the function is calling a do_action
which anyone can use to add to the function, including redirects.
3. wp_logout
calls other functions
wp_logout
calls wp_destroy_current_session
and wp_clear_auth_cookie
. Either of these could complicate things as well. wp_destroy_current_session
is able to be modified to use other systems like Redis storage or other methods via the session_token_manager
filter. wp_clear_auth_cookie
is a pluggable function and also has a do_action
hook.
So, to answer your question…
WordPress 5.1.1 didn’t change anything that would cause a call to
wp_logout()
to throw a 302 redirect, but there are plenty of opportunities for other plugins or themes to cause this to occur.