File

modules/system/system.module, line 2941

Code

function system_handle_logout() {
  global $user;

  $user_name = $user->name;
  $uid = $user->id;

  // Finish up logging out. 

  // In an effort to mimimize a bug in Safari, we will
  // overwrite the SESSION variables, then perform a few other operations,
  // to make sure they are well and truly destroyed.
  foreach ($_SESSION as $key => $val) {
    $_SESSION [$key] = "x";
  }
  foreach ($_SESSION as $key => $val) {
    $_SESSION [$key] = FALSE;
  }
  $_SESSION = array();
  if (isset($_COOKIE [session_name()])) // remove cookie by setting it to expire, if it's there.
   {
    $cookie_expires = time() - 3600;
    setcookie(session_name(), "", $cookie_expires, '/');
  }

  // unset cookies  from https://stackoverflow.com/questions/2310558/how-to-delete-all-cookies-of-my-website-in-php
  // We won't use $_COOKIE for this, as we might get an array for the $val, if the cookie was set using array notation.  This
  // code snippit should fix that.
  if (isset($_SERVER ['HTTP_COOKIE'])) {
    $cookies = explode(';', $_SERVER ['HTTP_COOKIE']);
    foreach ($cookies as $cookie) {
      $parts = explode('=', $cookie);
      $name = trim($parts [0]);
      // Only do this for non-mfa related cookies.
      if (!str_starts_with($name, "flightpath_mfa_remember")) {
        setcookie($name, '', time() - 3600);
        setcookie($name, '', time() - 3600, '/');
      }
    }
  }



  // I know this is repetitive, but I want to make ABSOLUTELY SURE
  // I am removing the session by removing it, creating a new one, then killing that one too.
  session_destroy();
  session_commit();
  session_start();
  session_destroy();
  session_commit();


  // Check for hook_user_logout
  $modules = modules_implement_hook("user_logout");
  foreach ($modules as $module) {
    call_user_func($module . '_user_logout');
  }


  watchdog("logout", "@user has logged out", array("@user" => "$user_name ($uid)"));

  fp_goto("<front>", "logout=true");

}