Remove some old session hackery & make sure mgd always stays in sync

flack · Oct 22, 2017 · 085d3e4 · 085d3e4
1 parent 6dfa014
commit 085d3e4
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 23 deletions.
diff --git a/lib/midcom/services/auth/backend.php b/lib/midcom/services/auth/backend.php
@@ -188,5 +188,6 @@ public function logout(midcom_core_user $user)
             $person->delete_parameter('midcom', 'online');
         }
         $this->delete_session();
+        midcom_connection::logout();
     }
 }
diff --git a/lib/midcom/services/auth/main.php b/lib/midcom/services/auth/main.php
@@ -723,32 +723,14 @@ public function trusted_login($username)
      * This call clears any authentication state
      */
     public function logout()
-    {
-        $this->drop_login_session();
-        $this->admin = false;
-        $this->user = null;
-        midcom_connection::logout();
-    }
-
-    /**
-     * This is a limited version of logout: It will just drop the current login session, but keep
-     * the current request authenticated.
-     *
-     * Note, that this call will also drop any information in the PHP Session (if exists). This will
-     * leave the request in a clean state after calling this function.
-     */
-    function drop_login_session()
     {
         if (is_null($this->user)) {
-            debug_add('The backend has no authenticated user set, so we should be fine, doing the relocate nevertheless though.');
+            debug_add('The backend has no authenticated user set, so we should be fine');
         } else {
             $this->_auth_backend->logout($this->user);
+            $this->user = null;
         }
-
-        // Kill the session forcibly:
-        @session_start();
-        $_SESSION = [];
-        session_destroy();
+        $this->admin = false;
     }
 
     /**

diff --git a/test/utilities/testcase.php b/test/utilities/testcase.php
@@ -429,8 +429,6 @@ public static function TearDownAfterClass()
         self::_process_delete_queue('class', self::$_class_objects);
         self::$_class_objects = [];
         midcom::get()->auth->logout();
-        // logout calls session_destroy, so we need to make sure that nothing else tries to start it again
-        @session_start();
     }
 
     private static function _process_delete_queue($queue_name, $queue)