Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

BUG Clean up the logOut and session destructon routines.

  • Loading branch information...
commit 2f7fd967b20954801a0794e01de779eb076a3332 1 parent ee784c3
@mateusz mateusz authored
Showing with 13 additions and 7 deletions.
  1. +11 −6 control/Session.php
  2. +2 −1  security/Member.php
View
17 control/Session.php
@@ -528,21 +528,26 @@ public static function start($sid = null) {
public static function destroy($removeCookie = true) {
if(session_id()) {
if($removeCookie) {
- $path = Config::inst()->get('cookie_path');
+ $path = Config::inst()->get('Session', 'cookie_path');
if(!$path) $path = Director::baseURL();
- $domain = Config::inst()->get('cookie_domain');
- $secure = Config::inst()->get('cookie_secure');
+ $domain = Config::inst()->get('Session', 'cookie_domain');
+ $secure = Config::inst()->get('Session', 'cookie_secure');
if($domain) {
- setcookie(session_name(), '', null, $path, $domain, $secure, true);
+ setcookie(session_name(), '', null, $path, $domain, $secure, true);
}
- else {
- setcookie(session_name(), '', null, $path, null, $secure, true);
+ else {
+ setcookie(session_name(), '', null, $path, null, $secure, true);
}
unset($_COOKIE[session_name()]);
}
+
session_destroy();
+
+ // Clean up the superglobal - session_destroy does not do it.
+ // http://nz1.php.net/manual/en/function.session-destroy.php
+ unset($_SESSION);
}
}
View
3  security/Member.php
@@ -447,7 +447,8 @@ public static function autoLogin() {
public function logOut() {
Session::clear("loggedInAs");
if(Member::config()->login_marker_cookie) Cookie::set(Member::config()->login_marker_cookie, null, 0);
- self::session_regenerate_id();
+
+ Session::destroy();
$this->extend('memberLoggedOut');
Please sign in to comment.
Something went wrong with that request. Please try again.