diff --git a/inc/auth.php b/inc/auth.php
index d511930dc19594db7ceb20dad3935593fd4b8cbd..48888da1e59e5f647e0a31cda27ae404c4412c66 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -157,6 +157,7 @@ function auth_login($user,$pass,$sticky=false,$silent=false){
if($user && $pass){
// we got a cookie - see if we can trust it
if(isset($session) &&
+ ($session['time'] >= @filemtime($conf['cachedir'].'/sessionpurge')) &&
($session['time'] >= time()-$conf['auth_security_timeout']) &&
($session['user'] == $user) &&
($session['pass'] == $pass) && //still crypted
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index e20078d0498533fe11879421f9c138abf62c604a..c5b720444fd6f0bc64d452a4033fee2c38273662 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -364,6 +364,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
* Delete user
*/
function _deleteUser(){
+ global $conf;
+
if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('delUser')) return false;
@@ -381,6 +383,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
msg("$part1, $part2",-1);
}
+ // invalidate all sessions
+ io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
return true;
}
@@ -410,6 +415,8 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
* Modify user (modified user data has been recieved)
*/
function _modifyUser(){
+ global $conf;
+
if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('UserMod')) return false;
@@ -455,6 +462,9 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
$this->_notifyUser($notify,$newpass);
}
+ // invalidate all sessions
+ io_saveFile($conf['cachedir'].'/sessionpurge',time());
+
} else {
msg($this->lang['update_fail'],-1);
}