From a5b5f87d27d972c8406d2b9acd3aed1404b01831 Mon Sep 17 00:00:00 2001
From: master3395 <master3395@users.noreply.github.com>
Date: Sat, 14 Feb 2026 22:20:26 +0100
Subject: [PATCH] Fix phpMyAdmin logout: proper SignonSession destruction
 (issue #1680)

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 plogical/phpmyadminsignin.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/plogical/phpmyadminsignin.php b/plogical/phpmyadminsignin.php
index fd7b82665..91ffef3a3 100644
--- a/plogical/phpmyadminsignin.php
+++ b/plogical/phpmyadminsignin.php
@@ -32,11 +32,14 @@ try {
         echo '<script>document.getElementById("redirectForm").submit();</script>';
 
     } else if (isset($_POST['logout']) || isset($_GET['logout'])) {
+        session_name(PMA_SIGNON_SESSIONNAME);
+        @session_start();
+        $_SESSION = array();
         $params = session_get_cookie_params();
         setcookie(session_name(), '', time() - 86400, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
         session_destroy();
         header('Location: /base/');
-        return;
+        exit;
     } else if (isset($_POST['password'])) {
 
         session_name(PMA_SIGNON_SESSIONNAME);