From 8332aaa95242635733bdd21be57d95e1b9a38f3a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 21 May 2009 14:07:25 +0000
Subject: [PATCH] Session name DOLSESSID_databasename is replace with DOLSESSID_dolibarrwebinstance. This remove a key read in conf.class.php used to name session because, to make code simpler, we will need to create session before the conf is loaded. This is also most secure because it is possible to use 2 dolibarr instances even if database names are same on two different mysql server. Add also comments on code to remember to simplify things.
---
 htdocs/user/logout.php | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
diff --git a/htdocs/user/logout.php b/htdocs/user/logout.php
index 49c4bd341d2..d2ae3442405 100644
--- a/htdocs/user/logout.php
+++ b/htdocs/user/logout.php
@@ -25,15 +25,14 @@
 * \version $Id$
 */
-if ($_SESSION["dol_authmode"] == 'forceuser'
- && $_SESSION["dol_authmode"] == 'http')
+require_once("../main.inc.php");
+
+if (!empty($_SESSION["dol_authmode"]) && ($_SESSION["dol_authmode"] == 'forceuser'
+ || $_SESSION["dol_authmode"] == 'http'))
 {
 die("Disconnection does not work when connection was made in mode ".$_SESSION["dol_authmode"]);
 }
-include_once("../conf/conf.php");
-require_once("../main.inc.php");
-
 // Define url to go after disconnect
 $urlfrom=empty($_SESSION["urlfrom"])?'':$_SESSION["urlfrom"];
@@ -44,6 +43,10 @@ if ($conf->phenix->enabled && $conf->phenix->cookie)
 setcookie($conf->phenix->cookie, '', 1, "/");
 }
+// Destroy object of session
+session_unregister("dol_login");
+session_unregister("dol_entity");
+
 // Destroy session
 $sessionname='DOLSESSID_'.eregi_replace('[^a-z0-9]','',$_SERVER["SERVER_NAME"].'_'.$_SERVER["DOCUMENT_ROOT"]);
 if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) ini_set('session.gc_maxlifetime',$conf->global->MAIN_SESSION_TIMEOUT);
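Review bot: The new `require_once("../main.inc.php");` at the top of the first hunk carries no comment saying that the authmode guard directly below depends on it. If the session is opened inside main.inc.php, as the commit message suggests (that file is not visible here), `$_SESSION["dol_authmode"]` is only populated after the include, and a later reorder would silently disable the guard again. I would add `// main.inc.php opens the session; $_SESSION is not populated before this include` above the require. The rest of logout.php lies outside the hunk.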
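Review bot: The added `session_unregister("dol_login");` and `session_unregister("dol_entity");` in the second hunk are a fragile way to clear login state on a logout path. The PHP manual directs code that works through `$_SESSION`, as the authmode guard in this script does, to use unset() instead, and session_unregister() is deprecated from PHP 5.3 and removed in 5.4. Once it is removed, the call is a fatal error that stops the script before the session_destroy() further down, so the session would survive the logout request. I would replace both lines with `unset($_SESSION["dol_login"], $_SESSION["dol_entity"]);`.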
@@ -58,15 +61,6 @@ session_name($sessionname);
 session_destroy();
 dol_syslog("End of session ".$sessionname);
-// Init session. Name of session is specific to Dolibarr instance.
-$sessionname='DOLSESSID_'.eregi_replace('[^a-z0-9]','',$_SERVER["SERVER_NAME"].'_'.$_SERVER["DOCUMENT_ROOT"]);
-if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) ini_set('session.gc_maxlifetime',$conf->global->MAIN_SESSION_TIMEOUT);
-session_name($sessionname);
-session_start();
-dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".$_SESSION["dol_login"].", ".ini_get("session.gc_maxlifetime"));
-
-session_unregister("dol_login");
-session_unregister("dol_entity");
 // Destroy entity cookie
 // TODO MULTICOMP Must fix this. Use session instead of cookie.