issue #320 - regression, after removing channel attached to an authenticated session the session was not completely cleared.

3 files changed, 34 insertions, 30 deletions

diff --git a/include/Contact.php b/include/Contact.php
index 611371db6..1c61470e1 100644
--- a/include/Contact.php
+++ b/include/Contact.php
@@ -263,7 +263,7 @@ function rrmdir($path)
     return false;
 }
 
-function channel_remove($channel_id, $local = true, $unset_session=true) {
+function channel_remove($channel_id, $local = true, $unset_session=false) {
 
 	if(! $channel_id)
 		return;
@@ -389,8 +389,7 @@ function channel_remove($channel_id, $local = true, $unset_session=true) {
 	proc_run('php','include/directory.php',$channel_id);
 
 	if($channel_id == local_channel() && $unset_session) {
-		unset($_SESSION['authenticated']);
-		unset($_SESSION['uid']);
+		nuke_session();
 		goaway($a->get_baseurl());
 	}
 
diff --git a/include/auth.php b/include/auth.php
index 4f0c4c928..1a7110c20 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -12,33 +12,6 @@
 require_once('include/api_auth.php');
 require_once('include/security.php');
 
-/**
- * @brief Resets the current session.
- *
- * @return void
- */
-function nuke_session() {
-	new_cookie(0); // 0 means delete on browser exit
-
-	unset($_SESSION['authenticated']);
-	unset($_SESSION['account_id']);
-	unset($_SESSION['uid']);
-	unset($_SESSION['visitor_id']);
-	unset($_SESSION['administrator']);
-	unset($_SESSION['cid']);
-	unset($_SESSION['theme']);
-	unset($_SESSION['mobile_theme']);
-	unset($_SESSION['show_mobile']);
-	unset($_SESSION['page_flags']);
-	unset($_SESSION['delegate']);
-	unset($_SESSION['delegate_channel']);
-	unset($_SESSION['my_url']);
-	unset($_SESSION['my_address']);
-	unset($_SESSION['addr']);
-	unset($_SESSION['return_url']);
-	unset($_SESSION['remote_service_class']);
-	unset($_SESSION['remote_hub']);
-}
 
 /**
  * @brief Verify login credentials.
diff --git a/include/session.php b/include/session.php
index 43bba528b..6060e4712 100644
--- a/include/session.php
+++ b/include/session.php
@@ -12,6 +12,38 @@
 $session_exists = 0;
 $session_expire = 180000;
 
+
+/**
+ * @brief Resets the current session.
+ *
+ * @return void
+ */
+
+function nuke_session() {
+	new_cookie(0); // 0 means delete on browser exit
+
+	unset($_SESSION['authenticated']);
+	unset($_SESSION['account_id']);
+	unset($_SESSION['uid']);
+	unset($_SESSION['visitor_id']);
+	unset($_SESSION['administrator']);
+	unset($_SESSION['cid']);
+	unset($_SESSION['theme']);
+	unset($_SESSION['mobile_theme']);
+	unset($_SESSION['show_mobile']);
+	unset($_SESSION['page_flags']);
+	unset($_SESSION['delegate']);
+	unset($_SESSION['delegate_channel']);
+	unset($_SESSION['my_url']);
+	unset($_SESSION['my_address']);
+	unset($_SESSION['addr']);
+	unset($_SESSION['return_url']);
+	unset($_SESSION['remote_service_class']);
+	unset($_SESSION['remote_hub']);
+}
+
+
+
 function new_cookie($time) {
 	$old_sid = session_id();