From 49f28ecaf89e6b2d65466a53069f5b81a61cfb09 Mon Sep 17 00:00:00 2001
From: andryyy <andre.peters@debinux.de>
Date: Sun, 14 May 2017 21:53:08 +0200
Subject: [PATCH] Destroy session when it becomes invalid

---
 data/web/inc/sessions.inc.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/data/web/inc/sessions.inc.php b/data/web/inc/sessions.inc.php
index e6beb485..b6241839 100644
--- a/data/web/inc/sessions.inc.php
+++ b/data/web/inc/sessions.inc.php
@@ -54,5 +54,9 @@ function session_check() {
   return true;
 }
 if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  exit("Invalid session");
+  session_regenerate_id(true);
+  session_unset();
+  session_destroy();
+  session_write_close();
+  header("Location: /");
 }