From 2f7fd967b20954801a0794e01de779eb076a3332 Mon Sep 17 00:00:00 2001 From: Mateusz Uzdowski Date: Thu, 23 May 2013 13:26:57 +1200 Subject: [PATCH] BUG Clean up the logOut and session destructon routines. --- control/Session.php | 17 +++++++++++------ security/Member.php | 3 ++- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/control/Session.php b/control/Session.php index 27f3588d4..f80363188 100644 --- a/control/Session.php +++ b/control/Session.php @@ -528,21 +528,26 @@ class Session { public static function destroy($removeCookie = true) { if(session_id()) { if($removeCookie) { - $path = Config::inst()->get('cookie_path'); + $path = Config::inst()->get('Session', 'cookie_path'); if(!$path) $path = Director::baseURL(); - $domain = Config::inst()->get('cookie_domain'); - $secure = Config::inst()->get('cookie_secure'); + $domain = Config::inst()->get('Session', 'cookie_domain'); + $secure = Config::inst()->get('Session', 'cookie_secure'); if($domain) { - setcookie(session_name(), '', null, $path, $domain, $secure, true); + setcookie(session_name(), '', null, $path, $domain, $secure, true); } - else { - setcookie(session_name(), '', null, $path, null, $secure, true); + else { + setcookie(session_name(), '', null, $path, null, $secure, true); } unset($_COOKIE[session_name()]); } + session_destroy(); + + // Clean up the superglobal - session_destroy does not do it. + // http://nz1.php.net/manual/en/function.session-destroy.php + unset($_SESSION); } } diff --git a/security/Member.php b/security/Member.php index 2912c79fd..232aa0dd4 100644 --- a/security/Member.php +++ b/security/Member.php @@ -447,7 +447,8 @@ class Member extends DataObject implements TemplateGlobalProvider { public function logOut() { Session::clear("loggedInAs"); if(Member::config()->login_marker_cookie) Cookie::set(Member::config()->login_marker_cookie, null, 0); - self::session_regenerate_id(); + + Session::destroy(); $this->extend('memberLoggedOut');
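Review bot: `unset($_SESSION);` at the end of `Session::destroy()` removes the superglobal itself instead of emptying it, which the PHP session documentation advises against. `$_SESSION = array();` clears the stale data equally well and keeps the variable defined for code that runs later in the same request. The cleanup also sits inside `if(session_id())`, so when no session is active, anything already held in `$_SESSION` is left untouched; if that is intended, the comment above the `unset` should say so.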
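Review bot: `$this->extend('memberLoggedOut')` now runs after `Session::destroy()`, so the hook executes with the PHP session torn down and `$_SESSION` unset. Extensions that read or write session state in that hook (none are visible in this hunk) would lose it without any error. If the hook is meant to run without a session, a comment above the call would record that, for example `// Destroy the whole session so no pre-logout state survives; memberLoggedOut runs without one.` `Session::clear("loggedInAs")` becomes redundant whenever a session is active, but may still matter when `session_id()` is empty and `destroy()` does nothing. The body of `logOut()` continues past the end of the hunk.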