--- ../rt-3.8.5/share/html/Elements/SetupSessionCookie 2009-09-15 02:23:22.000000000 +0900
+++ share/html/Elements/SetupSessionCookie 2009-09-30 08:17:57.000000000 +0900
@@ -53,11 +53,17 @@
my %cookies = CGI::Cookie->fetch;
my $cookiename = "RT_SID_". RT->Config->Get('rtname');
$cookiename .= ".". $ENV{'SERVER_PORT'} if $ENV{'SERVER_PORT'};
-$SessionCookie ||= ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef ),
+$SessionCookie = ( $cookies{$cookiename} ? $cookies{$cookiename}->value : undef );
tie %session, 'RT::Interface::Web::Session', $SessionCookie;
undef $cookies{$cookiename} unless $SessionCookie && $session{'_session_id'} eq $SessionCookie;
+unless ($session{'CurrentUser'} && $session{CurrentUser}->id) {
+ tied(%session)->delete;
+ undef $cookies{$cookiename};
+ tie %session, 'RT::Interface::Web::Session', undef;
+}
+
if ( int RT->Config->Get('AutoLogoff') ) {
my $now = int(time/60);
my $last_update = $session{'_session_last_update'} || 0;