BUGFIX Session::destroy() should make use of setcookie() to remove the cookie from the user, unsetting the superglobal doesn't unset from the browser

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91045 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2009-11-09 07:41:32 +00:00 · 2009-11-09 07:41:32 +00:00 · f80d5edbcb
commit f80d5edbcb
parent 898f5605df
1 changed files with 4 additions and 1 deletions
--- a/core/Session.php
+++ b/core/Session.php
@ -224,7 +224,10 @@ class Session {
 	 */
 	public static function destroy($removeCookie = true) {
 		if(session_id()) {
-			if($removeCookie) unset($_COOKIE[session_name()]);
+			if($removeCookie) {
+				setcookie(session_name(), '');
+				unset($_COOKIE[session_name()]);
+			}
 			session_destroy();
 		}
 	}