From 4fb6a89db807562b650e3dca23f11caf6613b984 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Tue, 6 Aug 2019 09:59:08 +0200
Subject: [PATCH] only delete "Remember me" token on logout, if session is
 verified (user was logged in)

---
 logout.php | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/logout.php b/logout.php
index d74fdb3642..c8de45555d 100755
--- a/logout.php
+++ b/logout.php
@@ -37,14 +37,13 @@ elseif(strpos($redirectTarget, '[?&]cd=') !== false)
 	$redirectTarget = preg_replace('/([?&])cd=[^&]+/', '$1cd=1', $redirectTarget);
 }
 
-// remove remember me cookie on explicit logout, unless it is a second factor
-if ($GLOBALS['egw']->session->removeRememberMeTokenOnLogout())
-{
-	Api\Session::egw_setcookie('eGW_remember','',0,'/');
-}
-
 if($verified)
 {
+	// remove remember me cookie on explicit logout, unless it is a second factor
+	if ($GLOBALS['egw']->session->removeRememberMeTokenOnLogout())
+	{
+		Api\Session::egw_setcookie('eGW_remember','',0,'/');
+	}
 	Api\Hooks::process('logout');
 	$GLOBALS['egw']->session->destroy($GLOBALS['sessionid'],$GLOBALS['kp3']);
 }