From a61ce077c64851fdf5dd4aa041cfd74509590011 Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@silverstripe.com>
Date: Thu, 2 Nov 2017 11:31:53 +0000
Subject: [PATCH] FIX Sessions must be destroyed on logout

---
 .../MemberAuthenticator/SessionAuthenticationHandler.php        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
index 152518b77..ea6b8545e 100644
--- a/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
+++ b/src/Security/MemberAuthenticator/SessionAuthenticationHandler.php
@@ -104,6 +104,6 @@ class SessionAuthenticationHandler implements AuthenticationHandler
     public function logOut(HTTPRequest $request = null)
     {
         $request = $request ?: Controller::curr()->getRequest();
-        $request->getSession()->clear($this->getSessionVariable());
+        $request->getSession()->destroy();
     }
 }