From 990d7679ed7db8a6de0a98d4251a4dc27f98b156 Mon Sep 17 00:00:00 2001
From: Domas Mituzas <midom@users.mediawiki.org>
Date: Sat, 12 Jan 2008 23:10:08 +0000
Subject: [PATCH] Well, logging out is an action, where people don't want to
 have any of their their credentials still sit in browser. Actually, keeping a
 session is still bad. And trying to ensure that they don't see cached
 content... Well, thats wrong idea. See, if someone is logged out, he is
 anonymous and deserves to see cached content as everyone else.

So, let's destroy all cookies.
---
 includes/User.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/includes/User.php b/includes/User.php
index 6734c322ee..c0acf5becf 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -1977,12 +1977,13 @@ class User {
 		$this->clearInstanceCache( 'defaults' );
 
 		$_SESSION['wsUserID'] = 0;
-
+		
 		setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
 		setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-
-		# Remember when user logged out, to prevent seeing cached pages
-		setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+		setcookie( $wgCookiePrefix.'UserName', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+		setcookie( $wgCookiePrefix.'LoggedOut', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+		setcookie( session_name(), '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
+		session_destroy();
 	}
 
 	/**
-- 
2.20.1