Hi Erik. Were you: a) using LSID cookies (i.e. checking the "forget met not box")? Then see bug #703138.
b) using e.g. HTTP Basic Authentication Then see bug #703130... i.e. you'd get automatically re-logged-in and a new SID cookie would be created. Can you confirm either of this? Anyway... I agree with you and Andrew, that ideally the session record in the DB should be cleared, too, after logging out. btw: Is there some mechanism that regularly removes session records from the DB in order not to have it grown infinitely? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
