authoremkael <emkael@tlen.pl>2016-10-25 18:59:39 +0200
committeremkael <emkael@tlen.pl>2016-10-25 18:59:39 +0200
commitf337e63ef70f5f3210577e494e04acf642570ef9 (patch)
treeba2ca57c5bc3606f017e7a3b05d7b176bcd0bad7
parent7f15fb107344f5e876df6f053004415ea1759c70 (diff)
* clearing saved user auth key on logout
-rw-r--r--app/frontend/facades/UserFacade.php9
-rw-r--r--app/frontend/user/AuthManager.php22
-rw-r--r--app/frontend/user/config.xml2
3 files changed, 32 insertions, 1 deletions
diff --git a/app/frontend/facades/UserFacade.php b/app/frontend/facades/UserFacade.php
index a976af2..0bc5863 100644
--- a/app/frontend/facades/UserFacade.php
+++ b/app/frontend/facades/UserFacade.php
@@ -160,6 +160,15 @@ class UserFacade extends Facade {
}
}
+ public function clearUserAuthKey(DbUser $user) {
+ if (!$user->IsGuest && $user->DbRecord && $user->AuthKey) {
+ $keyRecord = UserAuthKey::finder()->findByAuthKey($user->AuthKey);
+ if ($keyRecord && $keyRecord->UserID == $user->DbRecord->ID) {
+ $keyRecord->delete();
+ }
+ }
+ }
+
}
?>
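Review bot: `clearUserAuthKey()` has no docblock, and what it does and does not revoke matters for logout. It deletes only the single `UserAuthKey` row matching `$user->AuthKey`, and returns silently for guests, for users without a DB record or key, and for a row owned by a different user. Any other saved keys of the same account presumably stay valid after logout, so the comment should say so, e.g. `/** Deletes the saved auth key carried by $user if it belongs to that user; other keys of the account are left untouched. */`. The ownership check uses loose `==`; if both IDs are integers or numeric strings, `(int)$keyRecord->UserID === (int)$user->DbRecord->ID` makes the intent explicit. The enclosing class starts outside the hunk.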
diff --git a/app/frontend/user/AuthManager.php b/app/frontend/user/AuthManager.php
new file mode 100644
index 0000000..54f92e4
--- /dev/null
+++ b/app/frontend/user/AuthManager.php
@@ -0,0 +1,22 @@
+<?php
+
+Prado::using('System.Security.TAuthManager');
+
+Prado::using('Application.facades.UserFacade');
+
+class AuthManager extends TAuthManager {
+
+ public function logout() {
+ $cookie = $this->Application->Request->Cookies[$this->UserKey];
+ if ($cookie) {
+ $user = $this->UserManager->getUserFromCookie($cookie);
+ if ($user && $user->Name === $this->Application->User->Name) {
+ UserFacade::getInstance()->clearUserAuthKey($user);
+ }
+ }
+ parent::logout();
+ }
+
+}
+
+?>
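Review bot: In `logout()`, `parent::logout()` is reached only if the key cleanup before it completes. An exception from `getUserFromCookie()` or `clearUserAuthKey()` (for example a database error during `delete()`) would therefore leave the session and the auto-login cookie in place. Logout should fail closed: if the deployed PHP version supports it, wrap the cleanup in `try { … } finally { parent::logout(); }`, or catch and log the failure before calling the parent. The key is also cleared only when the cookie's user name equals the current session user's name. A one-line comment such as `// only revoke the key when the cookie belongs to the user being logged out` would record that this is deliberate.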
diff --git a/app/frontend/user/config.xml b/app/frontend/user/config.xml
index d4ca867..103b007 100644
--- a/app/frontend/user/config.xml
+++ b/app/frontend/user/config.xml
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<modules>
- <module id="auth" class="System.Security.TAuthManager"
+ <module id="auth" class="Application.user.AuthManager"
UserManager="users" LoginPage="Login"
AllowAutoLogin="true" />
<module id="users" class="System.Security.TDbUserManager"