From 3c066319dd9efbc24d0ab893fd4ddc6acd432a48 Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Sat, 8 Jan 2011 16:10:06 +0100
Subject: [PATCH] destroy session after logout

---
 .../java/sonia/scm/web/security/BasicSecurityContext.java | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
index 86643ff23a..d53c04eec7 100644
--- a/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
+++ b/scm-webapp/src/main/java/sonia/scm/web/security/BasicSecurityContext.java
@@ -56,6 +56,7 @@ import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 /**
  *
@@ -178,6 +179,13 @@ public class BasicSecurityContext implements WebSecurityContext
   {
     user = null;
     groups = new HashSet<String>();
+
+    HttpSession session = request.getSession(false);
+
+    if (session != null)
+    {
+      session.invalidate();
+    }
   }
 
   //~--- get methods ----------------------------------------------------------