Use $GLOBALS['session']->destroy() instead of setting $_SESSION['current'] = "". Using "" means that $_SESSION['current']

could be set but be a string. Don't call addmsg() after logging out otherwise the session message will be lost and can show up for other users or be stuck in the database
2006-07-06 04:21:04 +00:00
parent 82b95b8f6d
commit 81057d13ab
2 changed files with 5 additions and 8 deletions
--- a/account.php
+++ b/account.php
@@ -58,10 +58,6 @@ function do_account($sCmd = null)
            if($_SESSION['current'])
                $_SESSION['current']->logout();

-            /* destroy all session variables */
-            $GLOBALS['session']->destroy();
-
-            addmsg("You are successfully logged out.", "green");
            redirect(apidb_fullurl("index.php"));
            exit;
    }
--- a/include/user.php
+++ b/include/user.php
@@ -82,15 +82,16 @@ class User {
            return SUCCESS;
        }

-        /* null out the session variable for the current user since we failed to login */
-        $_SESSION['current'] = "";
+        /* destroy all session variables since we failed to login */
+        $GLOBALS['session']->destroy();
+
        return USER_LOGIN_FAILED;
    }

    function logout()
    {
-        /* null out the session current variable to log us out */
-        $_SESSION['current'] = "";
+        /* destroy all session variables since we are logging out */
+        $GLOBALS['session']->destroy();
    }