0009665: Logout without unsetting session cookie - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0009665	mantisbt	authentication	public	2008-09-27 09:58	2009-01-15 11:25

Reporter	jreese	Assigned To	jreese
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
OS	Gentoo Linux
Product Version	1.2.0a2
Target Version	1.2.0a3	Fixed in Version	1.2.0a3

Summary	0009665: Logout without unsetting session cookie
Description	MantisSession#destory() uses session_destroy(). But it does not unset session cookie. Logout should unset session cookie for security reason. see attached patch.
Steps To Reproduce	check session id.( with Firefox addon LiveHttpHeader) logout login check session id again.
Additional Information	1.1.2 and 1.2.0
Tags	No tags attached.

jreese 2008-09-27 10:34 reporter ~0019471	Fix has been committed to SVN trunk, r5593.