From: Domas Mituzas Date: Sat, 12 Jan 2008 23:10:08 +0000 (+0000) Subject: Well, logging out is an action, where people don't want to have any of their their... X-Git-Tag: 1.31.0-rc.0~50041 X-Git-Url: http://git.cyclocoop.org/%22.%24info%5B?a=commitdiff_plain;h=990d7679ed7db8a6de0a98d4251a4dc27f98b156;p=lhc%2Fweb%2Fwiklou.git Well, logging out is an action, where people don't want to have any of their their credentials still sit in browser. Actually, keeping a session is still bad. And trying to ensure that they don't see cached content... Well, thats wrong idea. See, if someone is logged out, he is anonymous and deserves to see cached content as everyone else. So, let's destroy all cookies. --- diff --git a/includes/User.php b/includes/User.php index 6734c322ee..c0acf5becf 100644 --- a/includes/User.php +++ b/includes/User.php @@ -1977,12 +1977,13 @@ class User { $this->clearInstanceCache( 'defaults' ); $_SESSION['wsUserID'] = 0; - + setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - - # Remember when user logged out, to prevent seeing cached pages - setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); + setcookie( $wgCookiePrefix.'UserName', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); + setcookie( $wgCookiePrefix.'LoggedOut', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); + setcookie( session_name(), '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); + session_destroy(); } /**