From c276e9e8d79ad0f94162aefb7704303cbca705c7 Mon Sep 17 00:00:00 2001
From: Marcel Pennewiss <github@pennewiss.de>
Date: Tue, 15 Mar 2016 21:55:08 +0100
Subject: [PATCH] Invalidate user session cache after profile data was changed

---
 inc/auth.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/inc/auth.php b/inc/auth.php
index 8965ee4c0..10d55980d 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -1049,12 +1049,19 @@ function updateprofile() {
         return false;
     }
 
-    // update cookie and session with the changed data
     if($changes['pass']) {
+        // update cookie and session with the changed data
         list( /*user*/, $sticky, /*pass*/) = auth_getCookie();
         $pass = auth_encrypt($changes['pass'], auth_cookiesalt(!$sticky, true));
         auth_setCookie($INPUT->server->str('REMOTE_USER'), $pass, (bool) $sticky);
+    } else {
+        // make sure the session is writable
+        @session_start();
+        // invalidate session cache
+        $_SESSION[DOKU_COOKIE]['auth']['time'] = 0;
+        session_write_close();
     }
+
     return true;
 }
 
-- 
GitLab