do not close session in auth_logoff FS#1519

Ignore-this: b30b94c67baa8a8916dd216424e9473c

As auth_logoff is called very early for all not-logged in users it
prevented writing the breadcrumbs and might have broken some other
things relying on a open session at beginning of the script.

auth_logoff now makes sure the session is open but will not close
it.

Additionally the session is now explicitly closed before a redirect.

darcs-hash:20090210100257-7ad00-50470f18edb9fdbeb555fbf5d8a470a3b077915d.gz

2 files changed, 4 insertions, 4 deletions

diff --git a/inc/auth.php b/inc/auth.php
index fa087e8f6..e1f9029a9 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -276,7 +276,7 @@ function auth_logoff($keepbc=false){
   global $INFO, $ID;
   global $auth;
 
-  // reopen session
+  // make sure the session is writable (it usually is)
   @session_start();
 
   if(isset($_SESSION[DOKU_COOKIE]['auth']['user']))
@@ -300,9 +300,6 @@ function auth_logoff($keepbc=false){
   if($auth && $auth->canDo('logoff')){
     $auth->logOff();
   }
-
-  // close session again
-  session_write_close();
 }
 
 /**
diff --git a/inc/common.php b/inc/common.php
index 817e416b0..46d0002df 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -1463,6 +1463,9 @@ function is_mem_available($mem,$bytes=1048576){
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function send_redirect($url){
+    // always close the session
+    session_write_close();
+
     // check if running on IIS < 6 with CGI-PHP
     if( isset($_SERVER['SERVER_SOFTWARE']) && isset($_SERVER['GATEWAY_INTERFACE']) &&
         (strpos($_SERVER['GATEWAY_INTERFACE'],'CGI') !== false) &&