2008-09-06
libdw
While trying to get AD integration working my way, I noticed that I couldn't get session information properly cleared upon logout.
That is, when you log out, most of your session auth info should get cleared (see the auth_logoff function in inc/auth.php).
This, however, doesn't happen because doku.php calls session_write_close before auth.php has the chance to clear the session.
Proposed solution:
In doku.php, replace the call to session_write_close with
//close session
if(!in_array($ACT,array('login','logout'))){
    session_write_close();
}
Also, in auth.php - auth_logoff function, I don't see the point in checking if variables are set before unsetting them, so replace each line like
if(isset($_SESSION[DOKU_COOKIE]['auth']['something']))
    unset($_SESSION[DOKU_COOKIE]['auth']['something']);
with just
unset($_SESSION[DOKU_COOKIE]['auth']['something']);
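
The ordering problem described in this report, reproduced as a stand-alone PHP CLI script. This is an added example, not part of the original report and not DokuWiki code; the 'DEMO' key stands in for DOKU_COOKIE, and the session ids and user name are constructed values.

```php
<?php
// Added example, not DokuWiki code. Run with the PHP CLI: php demo.php
// 'DEMO' stands in for DOKU_COOKIE; session ids and user name are constructed.
ini_set('session.use_cookies', '0');       // CLI run: no cookie headers involved
ini_set('session.use_strict_mode', '0');   // accept the fixed demo session ids
ini_set('session.save_path', sys_get_temp_dir());

function logoff(bool $closeFirst): bool
{
    // Earlier request: a logged-in session is written to the session store.
    session_id('logoutdemo' . ($closeFirst ? '1' : '2'));
    session_start();
    $_SESSION['DEMO']['auth']['user'] = 'alice';
    session_write_close();

    // The logout request.
    session_start();
    if ($closeFirst) {
        session_write_close();             // session closed before the logout code runs
    }
    // The kind of unset auth_logoff performs. After an early close this only
    // changes the in-memory array; nothing is written back to the store.
    unset($_SESSION['DEMO']['auth']['user']);
    if (!$closeFirst) {
        session_write_close();             // proposed order: close after clearing
    }

    // Next request: does the stored session still carry the auth data?
    session_start();
    $stillAuthed = isset($_SESSION['DEMO']['auth']['user']);
    session_destroy();                     // remove the demo session file
    return $stillAuthed;
}

$early = logoff(true);
$late  = logoff(false);
echo 'close before clear: auth data ', $early ? 'survives' : 'cleared', "\n";
echo 'close after clear:  auth data ', $late ? 'survives' : 'cleared', "\n";
```

The first line of output reports that the auth data survives and the second that it is cleared, which is the difference the proposed guard around session_write_close makes for the login and logout actions.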