From 81057d13ab5653e202c50d5e6dbefafd94e18c44 Mon Sep 17 00:00:00 2001
From: Chris Morgan
Date: Thu, 6 Jul 2006 04:21:04 +0000
Subject: [PATCH] Use $GLOBALS['session']->destroy() instead of setting $_SESSION['current'] = "". Using "" means that $_SESSION['current'] could be set but be a string. Don't call addmsg() after logging out otherwise the session message will be lost and can show up for other users or be stuck in the database
---
 account.php | 4 ----
 include/user.php | 9 +++++----
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/account.php b/account.php
index 973e310..04454f4 100644
--- a/account.php
+++ b/account.php
@@ -58,10 +58,6 @@ function do_account($sCmd = null)
 if($_SESSION['current']) $_SESSION['current']->logout();
- /* destroy all session variables */
- $GLOBALS['session']->destroy();
-
- addmsg("You are successfully logged out.", "green");
 redirect(apidb_fullurl("index.php"));
 exit;
 }
diff --git a/include/user.php b/include/user.php
index 0c3dc2d..4bb4360 100644
--- a/include/user.php
+++ b/include/user.php
@@ -82,15 +82,16 @@ class User {
 return SUCCESS;
 }
- /* null out the session variable for the current user since we failed to login */
- $_SESSION['current'] = "";
+ /* destroy all session variables since we failed to login */
+ $GLOBALS['session']->destroy();
+ return USER_LOGIN_FAILED;
 }
 function logout() {
- /* null out the session current variable to log us out */
- $_SESSION['current'] = "";
+ /* destroy all session variables since we are logging out */
+ $GLOBALS['session']->destroy();
 }
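Review bot: Any caller that reports a failed login through addmsg() would hit the same lost-or-stuck message problem the commit message describes for logout, because the login-failure branch in include/user.php now calls `$GLOBALS['session']->destroy()` just above `return USER_LOGIN_FAILED;`. Those callers are outside this patch and need checking. Moving the destroy into logout() also means the logout command in account.php only reaches it when `$_SESSION['current']` is truthy (the `if` kept as context in the first hunk), so a session with no current user is no longer cleared there. Both call sites would benefit from a comment stating the contract, for example `/* destroys the whole session; callers must not call addmsg() afterwards */`. The login method's signature and the body of destroy() are not visible in the hunk, so whether destroy() also invalidates the session id and cookie cannot be confirmed from here.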