delete_authtokens_logout.diff
| framework/modules/auth/libraries/drivers/Auth/ORM.php (working copy) | ||
|---|---|---|
| 179 | 179 |
*/ |
| 180 | 180 |
public function logout($destroy) |
| 181 | 181 |
{
|
| 182 |
if (cookie::get('authautologin'))
|
|
| 182 |
if ($token = cookie::get('authautologin'))
|
|
| 183 | 183 |
{
|
| 184 | 184 |
// Delete the autologin cookie to prevent re-login |
| 185 | 185 |
cookie::delete('authautologin');
|
| 186 |
|
|
| 187 |
// Clear all autologin tokens from the database for this user for security |
|
| 188 |
$ut = ORM::factory('user_token', $token);
|
|
| 189 |
if ($ut->loaded) {
|
|
| 190 |
if ($destroy) {
|
|
| 191 |
ORM::factory('user_token')->where('user_id', $ut->user_id)->delete_all();
|
|
| 192 |
} else {
|
|
| 193 |
$ut->delete(); |
|
| 194 |
} |
|
| 195 |
} |
|
| 186 | 196 |
} |
| 187 | 197 | |
| 188 | 198 |
return parent::logout($destroy); |