Fix #10714: Fix session notice with verify.php

This problem is a result of changes for issue #10187, where the session
is no longer destroyed in order to play nice with other PHP
applications.  However, the problem itself only manifests itself when a
user that is already logged into mantis follows the verification link.

Rather than forcefully restarting the session, the verification page now
logs out the existing user and then does a header redirect to itself to
allow the normal session init behavior to kick in.

account_page.php

@@ -93,11 +93,7 @@
 <?php } ?>
 <div align="center">
 <form method="post" action="account_update.php">
-<?php
-	echo form_security_field( 'account_update' );
-	if ( isset( $g_session_pass_id ) ) { ?>
-<input type="hidden" name="session_id" value="<?php echo session_id() ?>"/>
-<?php } ?>
+<?php echo form_security_field( 'account_update' ); ?>
 <table class="width75" cellspacing="1">
 
 	<!-- Headings -->

verify.php

@@ -40,10 +40,8 @@
 	if( auth_is_user_authenticated() ) {
 		auth_logout();
 
-		# (Re)initialize session
-		session_regenerate_id();
-		session_init();
-		$g_session_pass_id = ON;
+		# reload the page after logout
+		print_header_redirect("verify.php?id=${f_user_id}&confirm_hash=${f_confirm_hash}");
 	}
 
 	$t_calculated_confirm_hash = auth_generate_confirm_hash( $f_user_id );