- Patch #90612 by Bart Jansens: user_logout should only end the current session.

ab1d68d1 · Dries · 47f527fb · ab1d68d1 · ab1d68d1 · ab1d68d1
Commit ab1d68d1 authored Dec 04, 2006 by Dries
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -731,7 +731,7 @@ function _drupal_bootstrap($phase) {

    case DRUPAL_BOOTSTRAP_SESSION:
      require_once './includes/session.inc';
-      session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
+      session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
      session_start();
      break;


--- a/includes/session.inc
+++ b/includes/session.inc
@@ -125,13 +125,21 @@ function sess_count($timestamp = 0, $anonymous = true) {

 /**
 * Called by PHP session handling with the PHP session ID to end a user's session.
- * Can also be called directly, either with the PHP session ID or another identifier
- * such as uid to end a specific user's session.
+ *
+ * @param  string $sid
+ *   the session id
+ */
+function sess_destroy_sid($sid) {
+  db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
+}
+
+/**
+ * End a specific user's session
 *
 * @param  string $uid
 *   the user id
 */
-function sess_destroy($uid) {
+function sess_destroy_uid($uid) {
  db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
 }


--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -148,7 +148,7 @@ function user_save($account, $array = array(), $category = 'account') {

    // Delete a blocked user's sessions to kick them if they are online.
    if (isset($array['status']) && $array['status'] == 0) {
-      sess_destroy($account->uid);
+      sess_destroy_uid($account->uid);
    }

    // Refresh user object
@@ -1014,7 +1014,7 @@ function user_logout() {
  watchdog('user', t('Session closed for %name.', array('%name' => $user->name)));

  // Destroy the current session:
-  sess_destroy($user->uid);
+  session_destroy();
  module_invoke_all('user', 'logout', NULL, $user);

  // Load the anonymous user
@@ -1444,7 +1444,7 @@ function user_confirm_delete($name, $uid) {
 */
 function user_delete($edit, $uid) {
  $account = user_load(array('uid' => $uid));
-  sess_destroy($uid);
+  sess_destroy_uid($uid);
  db_query('DELETE FROM {users} WHERE uid = %d', $uid);
  db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
  db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);