Merge branch 'destroy-session' into 'security'

Destroy a user session when they delete their own account via browser This patch destroys a user's session when they delete their own account using a browser. A new session is created as they are redirected to the sign_in page. Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015 See merge request !2042
author: Robert Speicher <robert@gitlab.com> 2016-12-07 00:51:33 +0000
committer: Alejandro Rodríguez <alejorro70@gmail.com> 2016-12-08 21:21:06 -0300
commit: 47bc0125beba2351c5d78323677a34d19b102047 (patch)
tree: 9e0c9f32800c8761726917ab3d5456761afc07e5 /app/controllers/registrations_controller.rb
parent: 6992ac111713be14b050a72a462eb70d9be35ebc (diff)
download: gitlab-ce-47bc0125beba2351c5d78323677a34d19b102047.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/app/controllers/registrations_controller.rb b/app/controllers/registrations_controller.rb
index 3327f4f2b87..c45196cc3e9 100644
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -27,7 +27,10 @@ class RegistrationsController < Devise::RegistrationsController
     DeleteUserService.new(current_user).execute(current_user)
 
     respond_to do |format|
-      format.html { redirect_to new_user_session_path, notice: "Account successfully removed." }
+      format.html do
+        session.try(:destroy)
+        redirect_to new_user_session_path, notice: "Account successfully removed."
+      end 
     end
   end
author	Robert Speicher <robert@gitlab.com>	2016-12-07 00:51:33 +0000
committer	Alejandro Rodríguez <alejorro70@gmail.com>	2016-12-08 21:21:06 -0300
commit	47bc0125beba2351c5d78323677a34d19b102047 (patch)
tree	9e0c9f32800c8761726917ab3d5456761afc07e5 /app/controllers/registrations_controller.rb
parent	6992ac111713be14b050a72a462eb70d9be35ebc (diff)
download	gitlab-ce-47bc0125beba2351c5d78323677a34d19b102047.tar.gz