From b81149fa47edf38ebe2ed56e0653d3582cd96f91 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Mon, 25 Jul 2011 21:15:09 +0000
Subject: [PATCH] Remove autologin cookie on unverified request.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@6316 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application_controller.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index bfed52d84..1a9eb16d7 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -27,7 +27,10 @@ class ApplicationController < ActionController::Base
   exempt_from_layout 'builder', 'rsb'
   
   protect_from_forgery
-
+  def handle_unverified_request
+    super
+    cookies.delete(:autologin)
+  end
   # Remove broken cookie after upgrade from 0.8.x (#4292)
   # See https://rails.lighthouseapp.com/projects/8994/tickets/3360
   # TODO: remove it when Rails is fixed
-- 
2.39.5