Use $GLOBALS['session']->destroy() instead of setting $_SESSION['current'] = "". Using "" means that $_SESSION['current']

could be set but be a string. Don't call addmsg() after logging out; otherwise the session message will be lost and can
show up for other users or be stuck in the database.
Chris Morgan
2006-07-06 04:21:04 +00:00
committed by WineHQ
parent 82b95b8f6d
commit 81057d13ab
2 changed files with 5 additions and 8 deletions


@@ -58,10 +58,6 @@ function do_account($sCmd = null)
if($_SESSION['current']) if($_SESSION['current'])
$_SESSION['current']->logout(); $_SESSION['current']->logout();
/* destroy all session variables */
$GLOBALS['session']->destroy();
addmsg("You are successfully logged out.", "green");
redirect(apidb_fullurl("index.php")); redirect(apidb_fullurl("index.php"));
exit; exit;
} }
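Review bot: The guard kept at the top of this hunk, `if($_SESSION['current'])`, only tests truthiness before calling `->logout()` on the value, so a session holding a non-empty non-object under `current` would fail on the method call. The commit description names a string-valued `current` as the problem being fixed, so the check could state the expectation directly: `if(isset($_SESSION['current']) && is_object($_SESSION['current']))`. do_account() starts and ends outside the hunk, so any other reads of `$_SESSION['current']` in it are not visible here.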


@@ -82,15 +82,16 @@ class User {
return SUCCESS; return SUCCESS;
} }
/* null out the session variable for the current user since we failed to login */ /* destroy all session variables since we failed to login */
$_SESSION['current'] = ""; $GLOBALS['session']->destroy();
return USER_LOGIN_FAILED; return USER_LOGIN_FAILED;
} }
function logout() function logout()
{ {
/* null out the session current variable to log us out */ /* destroy all session variables since we are logging out */
$_SESSION['current'] = ""; $GLOBALS['session']->destroy();
} }
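Review bot: The failed-login path now calls `$GLOBALS['session']->destroy()` and then returns USER_LOGIN_FAILED to a caller that is not visible here. If that caller reports the failure with addmsg(), it would presumably hit the same lost or misattributed session message that the commit description gives as the reason for dropping addmsg() after logout. A comment at both destroy() calls would make the constraint explicit, for example `/* session is destroyed here: callers must not call addmsg() until a new session exists */`. The hunk also does not show whether destroy() empties `$_SESSION` for the rest of the request and expires the session cookie, so that should be confirmed in the session class. The enclosing login method starts outside the hunk.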