Merge branch 'destroy-session' into 'security'

Destroy a user session when they delete their own account via browser This patch destroys a user's session when they delete their own account using a browser. A new session is created as they are redirected to the sign_in page. Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015 See merge request !2042

Merge branch 'destroy-session' into 'security'
Destroy a user session when they delete their own account via browser This patch destroys a user's session when they delete their own account using a browser. A new session is created as they are redirected to the sign_in page. Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015 See merge request !2042
ab95492b · Robert Speicher · Alejandro Rodriguez · 9a3135ae · ab95492b · ab95492b
Commit ab95492b authored Dec 07, 2016 by Robert Speicher Committed by Alejandro Rodriguez Dec 07, 2016
Showing with 8 additions and 1 deletion

app/controllers/registrations_controller.rb app/controllers/registrations_controller.rb +4 -1

changelogs/unreleased/destroy-session.yml changelogs/unreleased/destroy-session.yml +4 -0

No files found.
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -27,7 +27,10 @@ class RegistrationsController < Devise::RegistrationsController
    DeleteUserService.new(current_user).execute(current_user)
    respond_to do |format|
-      format.html { redirect_to new_user_session_path, notice: "Account successfully removed." }
+      format.html do
+        session.try(:destroy)
+        redirect_to new_user_session_path, notice: "Account successfully removed."
+      end 
    end
  end

--- a/changelogs/unreleased/destroy-session.yml
+++ b/changelogs/unreleased/destroy-session.yml
+---
+title: Destroy a user's session when they delete their own account
+merge_request: 
+author: