5 files changed, 33 insertions, 12 deletions

diff --git a/modules/simpletest/drupal_web_test_case.php b/modules/simpletest/drupal_web_test_case.php
index 860a18c9f..40b3fbd27 100644
--- a/modules/simpletest/drupal_web_test_case.php
+++ b/modules/simpletest/drupal_web_test_case.php
@@ -948,11 +948,10 @@ class DrupalWebTestCase extends DrupalTestCase {
    * Logs a user out of the internal browser, then check the login page to confirm logout.
    */
   protected function drupalLogout() {
-    // Make a request to the logout page.
-    $this->drupalGet('user/logout');
-
-    // Load the user page, the idea being if you were properly logged out you should be seeing a login screen.
-    $this->drupalGet('user');
+    // Make a request to the logout page, and redirect to the user page, the
+    // idea being if you were properly logged out you should be seeing a login
+    // screen.
+    $this->drupalGet('user/logout', array('query' => 'destination=user'));
     $pass = $this->assertField('name', t('Username field found.'), t('Logout'));
     $pass = $pass && $this->assertField('pass', t('Password field found.'), t('Logout'));
 
diff --git a/modules/simpletest/tests/session.test b/modules/simpletest/tests/session.test
index d53c14c20..fb82f179d 100644
--- a/modules/simpletest/tests/session.test
+++ b/modules/simpletest/tests/session.test
@@ -195,6 +195,17 @@ class SessionTestCase extends DrupalWebTestCase {
     $this->assertNoText(t('This is a dummy message.'), t('Message was not cached.'));
     $this->assertEqual($this->drupalGetHeader('X-Drupal-Cache'), 'HIT', t('Page was cached.'));
     $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.'));
+
+    // Verify that no session is created if drupal_save_session(FALSE) is called.
+    $this->drupalGet('session-test/set-message-but-dont-save');
+    $this->assertSessionCookie(FALSE);
+    $this->assertSessionEmpty(TRUE);
+
+    // Verify that no message is displayed.
+    $this->drupalGet('');
+    $this->assertSessionCookie(FALSE);
+    $this->assertSessionEmpty(TRUE);
+    $this->assertNoText(t('This is a dummy message.'), t('The message was not saved.'));
   }
 
   /**
@@ -205,6 +216,7 @@ class SessionTestCase extends DrupalWebTestCase {
   function sessionReset($uid = 0) {
     // Close the internal browser.
     $this->curlClose();
+    $this->loggedInUser = FALSE;
 
     // Change cookie file for user.
     $this->cookieFile = file_directory_temp() . '/cookie.' . $uid . '.txt';
diff --git a/modules/simpletest/tests/session_test.module b/modules/simpletest/tests/session_test.module
index 55613c97d..48a655001 100644
--- a/modules/simpletest/tests/session_test.module
+++ b/modules/simpletest/tests/session_test.module
@@ -37,6 +37,12 @@ function session_test_menu() {
     'access arguments' => array('access content'),
     'type' => MENU_CALLBACK,
   );
+  $items['session-test/set-message-but-dont-save'] = array(
+    'title' => t('Session value'),
+    'page callback' => '_session_test_set_message_but_dont_save',
+    'access arguments' => array('access content'),
+    'type' => MENU_CALLBACK,
+  );
   $items['session-test/set-not-started'] = array(
     'title' => t('Session value'),
     'page callback' => '_session_test_set_not_started',
@@ -109,6 +115,14 @@ function _session_test_set_message() {
 }
 
 /**
+ * Menu callback, sets a message but call drupal_save_session(FALSE).
+ */
+function _session_test_set_message_but_dont_save() {
+  drupal_save_session(FALSE);
+  _session_test_set_message();
+}
+
+/**
  * Menu callback, stores a value in $_SESSION['session_test_value'] without
  * having started the session in advance.
  */
diff --git a/modules/user/user.module b/modules/user/user.module
index 6d884b5b9..29fb8c492 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1970,10 +1970,8 @@ function _user_cancel($edit, $account, $method) {
 
   // After cancelling account, ensure that user is logged out.
   if ($account->uid == $user->uid) {
-    // Destroy the current session.
+    // Destroy the current session, and reset $user to the anonymous user.
     session_destroy();
-    // Load the anonymous user.
-    $user = drupal_anonymous_user();
   }
   else {
     drupal_session_destroy_uid($account->uid);
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index e9778e32e..bfeea5778 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -136,12 +136,10 @@ function user_logout() {
 
   watchdog('user', 'Session closed for %name.', array('%name' => $user->name));
 
-  // Destroy the current session:
-  session_destroy();
   module_invoke_all('user_logout', NULL, $user);
 
-  // Load the anonymous user
-  $user = drupal_anonymous_user();
+  // Destroy the current session, and reset $user to the anonymous user.
+  session_destroy();
 
   drupal_goto();
 }