holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

only delete "Remember me" token on logout, if session is verified (user was logged in)

Browse Source
This commit is contained in:
Ralf Becker 2019-08-06 09:59:08 +02:00
parent bf2e396486
commit 4fb6a89db8
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
logout.php
View File

@ -37,14 +37,13 @@ elseif(strpos($redirectTarget, '[?&]cd=') !== false)
$redirectTarget = preg_replace('/([?&])cd=[^&]+/', '$1cd=1', $redirectTarget); $redirectTarget = preg_replace('/([?&])cd=[^&]+/', '$1cd=1', $redirectTarget);
} }
// remove remember me cookie on explicit logout, unless it is a second factor
if ($GLOBALS['egw']->session->removeRememberMeTokenOnLogout())
{
Api\Session::egw_setcookie('eGW_remember','',0,'/');
}
if($verified) if($verified)
{ {
// remove remember me cookie on explicit logout, unless it is a second factor
if ($GLOBALS['egw']->session->removeRememberMeTokenOnLogout())
{
Api\Session::egw_setcookie('eGW_remember','',0,'/');
}
Api\Hooks::process('logout'); Api\Hooks::process('logout');
$GLOBALS['egw']->session->destroy($GLOBALS['sessionid'],$GLOBALS['kp3']); $GLOBALS['egw']->session->destroy($GLOBALS['sessionid'],$GLOBALS['kp3']);
} }