From ab1d68d166ca57e6a0c0de6d940dd395826e37f4 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Mon, 4 Dec 2006 10:41:20 +0000
Subject: [PATCH] - Patch #90612 by Bart Jansens: user_logout should only end
 the current session.

---
 includes/bootstrap.inc   |  2 +-
 includes/session.inc     | 14 +++++++++++---
 modules/user/user.module |  6 +++---
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index a05a08d7494..a331dbd34d3 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -731,7 +731,7 @@ function _drupal_bootstrap($phase) {
 
     case DRUPAL_BOOTSTRAP_SESSION:
       require_once './includes/session.inc';
-      session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");
+      session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
       session_start();
       break;
 
diff --git a/includes/session.inc b/includes/session.inc
index 4c61bb6374b..922f0611a4a 100644
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -125,13 +125,21 @@ function sess_count($timestamp = 0, $anonymous = true) {
 
 /**
  * Called by PHP session handling with the PHP session ID to end a user's session.
- * Can also be called directly, either with the PHP session ID or another identifier
- * such as uid to end a specific user's session.
+ *
+ * @param  string $sid
+ *   the session id
+ */
+function sess_destroy_sid($sid) {
+  db_query("DELETE FROM {sessions} WHERE sid = '%s'", $sid);
+}
+
+/**
+ * End a specific user's session
  *
  * @param  string $uid
  *   the user id
  */
-function sess_destroy($uid) {
+function sess_destroy_uid($uid) {
   db_query('DELETE FROM {sessions} WHERE uid = %d', $uid);
 }
 
diff --git a/modules/user/user.module b/modules/user/user.module
index 3e81adbb7d8..30abd234f43 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -148,7 +148,7 @@ function user_save($account, $array = array(), $category = 'account') {
 
     // Delete a blocked user's sessions to kick them if they are online.
     if (isset($array['status']) && $array['status'] == 0) {
-      sess_destroy($account->uid);
+      sess_destroy_uid($account->uid);
     }
 
     // Refresh user object
@@ -1014,7 +1014,7 @@ function user_logout() {
   watchdog('user', t('Session closed for %name.', array('%name' => $user->name)));
 
   // Destroy the current session:
-  sess_destroy($user->uid);
+  session_destroy();
   module_invoke_all('user', 'logout', NULL, $user);
 
   // Load the anonymous user
@@ -1444,7 +1444,7 @@ function user_confirm_delete($name, $uid) {
  */
 function user_delete($edit, $uid) {
   $account = user_load(array('uid' => $uid));
-  sess_destroy($uid);
+  sess_destroy_uid($uid);
   db_query('DELETE FROM {users} WHERE uid = %d', $uid);
   db_query('DELETE FROM {users_roles} WHERE uid = %d', $uid);
   db_query('DELETE FROM {authmap} WHERE uid = %d', $uid);