From 8cbc8f3bd749eab4a1da35a892807c5ad484e56e Mon Sep 17 00:00:00 2001
From: Ere Maijala <ere.maijala@helsinki.fi>
Date: Mon, 5 Oct 2020 19:51:35 +0300
Subject: [PATCH] Reset authentication state on logout. (#1735)

- This probably has no effect in real life unless the followup after logout is short-circuited.
---
 module/VuFind/src/VuFind/Auth/Manager.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/module/VuFind/src/VuFind/Auth/Manager.php b/module/VuFind/src/VuFind/Auth/Manager.php
index 1d0d1a7c8bb..9a7b3dd088c 100644
--- a/module/VuFind/src/VuFind/Auth/Manager.php
+++ b/module/VuFind/src/VuFind/Auth/Manager.php
@@ -403,6 +403,9 @@ class Manager implements \LmcRbacMvc\Identity\IdentityProviderInterface
         // necessary.
         $url = $this->getAuth()->logout($url);
 
+        // Reset authentication state
+        $this->getAuth()->resetState();
+
         // Clear out the cached user object and session entry.
         $this->currentUser = false;
         unset($this->session->userId);
-- 
GitLab