-
Bug
-
Resolution: Fixed
-
Major
-
2.6.3, 2.7
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
MOODLE_26_STABLE, MOODLE_27_STABLE
-
wip_
MDL-46099_m28_userglobal -
If you look at the code in \core\session\manager::terminal_current(), there is a call to init_empty_session(), which resets $_SESSION. However, this does not reset $USER or $SESSION as they still point to the value that was contained in $_SESSION.
We need to apply the same rule to $_SESSION than to $USER/$SESSION and wipe their content.
- has a non-specific relationship to
-
MDL-40805 user_logout event is not triggered when using CAS authentication with CAS logout option set to yes
- Closed