[icinga-checkins] icinga.org: icinga-web/master: Fix session destruction on logout ( refs #3721)

git at icinga.org git at icinga.org
Thu Apr 4 11:52:51 CEST 2013


Module: icinga-web
Branch: master
Commit: 2362a84fed897a09bfb33908c6ea899a6f3f4b1d
URL:    https://git.icinga.org/?p=icinga-web.git;a=commit;h=2362a84fed897a09bfb33908c6ea899a6f3f4b1d

Author: Markus Frosch <markus at lazyfrosch.de>
Date:   Wed Feb 20 16:26:34 2013 +0100

Fix session destruction on logout (refs #3721)

Now clearing the whole session, instead of only some basic vars

---

 .../AppKit/lib/auth/AppKitSecurityUser.class.php   |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/app/modules/AppKit/lib/auth/AppKitSecurityUser.class.php b/app/modules/AppKit/lib/auth/AppKitSecurityUser.class.php
index 09b0dc3..90c3b55 100644
--- a/app/modules/AppKit/lib/auth/AppKitSecurityUser.class.php
+++ b/app/modules/AppKit/lib/auth/AppKitSecurityUser.class.php
@@ -179,6 +179,9 @@ class AppKitSecurityUser extends AgaviRbacSecurityUser {
         $this->clearCredentials();
         $this->setAuthenticated(false);
 
+        // destroy the session with all settings
+        session_destroy();
+
         $this->getContext()->getLoggerManager()
         ->log(sprintf('User %s (%s) logged out!', $this->getAttribute('userobj')->user_name, $this->getAttribute('userobj')->givenName()), AgaviLogger::INFO);
 





More information about the icinga-checkins mailing list