authorzeripath <art27@cantab.net>2020-05-17 07:05:11 +0100
committerGitHub <noreply@github.com>2020-05-17 14:05:11 +0800
commita0d35fb6ad5ac380abd80ac5177234338e2fe2ff (patch)
treefbdc0842433e7092026c6b4a388b5490be5ea39f /routers/user/auth.go
parent5cf224abe3acd1e4336ec6672293397bc0e271de (diff)
Forcibly clean and destroy the session on logout (#11447)
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'routers/user/auth.go')
-rw-r--r--routers/user/auth.go7
1 files changed, 2 insertions, 5 deletions
diff --git a/routers/user/auth.go b/routers/user/auth.go
index 4f01062e3f..f00f349a0d 100644
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -994,11 +994,8 @@ func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form au
// HandleSignOut resets the session and sets the cookies
func HandleSignOut(ctx *context.Context) {
- _ = ctx.Session.Delete("uid")
- _ = ctx.Session.Delete("uname")
- _ = ctx.Session.Delete("socialId")
- _ = ctx.Session.Delete("socialName")
- _ = ctx.Session.Delete("socialEmail")
+ _ = ctx.Session.Flush()
+ _ = ctx.Session.Destroy(ctx.Context)
ctx.SetCookie(setting.CookieUserName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
ctx.SetCookie(setting.CookieRememberName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
ctx.SetCookie(setting.CSRFCookieName, "", -1, setting.AppSubURL, setting.SessionConfig.Domain, setting.SessionConfig.Secure, true)
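Review bot: The two added calls in HandleSignOut, `ctx.Session.Flush()` and `ctx.Session.Destroy(ctx.Context)`, both discard their error with `_ =`, so a failed server-side invalidation goes unnoticed while the cookies below are still expired and the user sees a normal logout. If the session store errors at that moment the old session ID may stay valid, which is the outcome this commit sets out to prevent. At minimum log the failure, e.g. `if err := ctx.Session.Destroy(ctx.Context); err != nil { log.Error("HandleSignOut: destroy session: %v", err) }` (assuming the project logger is in scope in this file), and handle the Flush error the same way. The doc comment is also stale and could read `// HandleSignOut flushes and destroys the server-side session and expires the auth cookies`. The function body continues past the end of the hunk.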