From ad8db409e48e4ccc6d3da7eb9a27d48ce586bad5 Mon Sep 17 00:00:00 2001
From: Brook Elgie <specialbrew@gmail.com>
Date: Tue, 14 Jun 2016 12:17:13 +0100
Subject: [PATCH] [#3113] Restore session deletion.

I over-committed in the previous commit and removed too much code. This
restores session deletion if there is a session.id, but no valid session
data.
---
 ckan/lib/base.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/ckan/lib/base.py b/ckan/lib/base.py
index b18c89e0d85..86b10c1399c 100644
--- a/ckan/lib/base.py
+++ b/ckan/lib/base.py
@@ -309,9 +309,15 @@ def __call__(self, environ, start_response):
                         is_valid_cookie_data = True
                         break
                 if not is_valid_cookie_data:
-                    response.delete_cookie(cookie)
-                    self.log.debug('No session data any more - '
-                                   'deleting session cookie')
+                    if session.id:
+                        self.log.debug('No valid session data - '
+                                       'deleting session')
+                        self.log.debug('Session: %r', session.items())
+                        session.delete()
+                    else:
+                        self.log.debug('No session id - '
+                                       'deleting session cookie')
+                        response.delete_cookie(cookie)
             # Remove auth_tkt repoze.who cookie if user not logged in.
             elif cookie == 'auth_tkt' and not session.id:
                 response.delete_cookie(cookie)