Don't destroy the session if logins are still present. fixes #12301

If you are logged-in into multiple database servers, logOut() logs you out of all of them. This fix will prevent that, and will only destroy the session when you log out of the last server. Signed-off-by: Michal Čihař <michal@cihar.com> Signed-off-by: Harro Verton <wanwizard@wanwizard.eu>
phpmyadmin · Apr 28, 2017 · cde775b · cde775b
1 parent 6e27bc6
commit cde775b
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/libraries/plugins/AuthenticationPlugin.php b/libraries/plugins/AuthenticationPlugin.php
@@ -74,9 +74,17 @@ public function logOut()
         $PHP_AUTH_USER = '';
         $PHP_AUTH_PW = '';
 
+        /* Get a logged-in server count */
+        $servers = 0;
+        foreach ($GLOBALS['cfg']['Servers'] as $key => $val) {
+            if (isset($_COOKIE['pmaAuth-' . $key])) {
+                $servers++;
+            }
+        }
+
         /* delete user's choices that were stored in session */
-        $_SESSION = array();
-        if (!defined('TESTSUITE')) {
+        if ($servers === 0 and ! defined('TESTSUITE')) {
+            $_SESSION = array();
             session_destroy();
         }