Commit 47bc0125 authored by Robert Speicher's avatar Robert Speicher Committed by Alejandro Rodríguez

Merge branch 'destroy-session' into 'security'

Destroy a user session when they delete their own account via browser

This patch destroys a user's session when they delete their own account
using a browser. A new session is created as they are redirected to the
sign_in page.

Issue: https://gitlab.com/gitlab-org/gitlab-ce/issues/25015

See merge request !2042
parent 6992ac11
......@@ -27,7 +27,10 @@ class RegistrationsController < Devise::RegistrationsController
DeleteUserService.new(current_user).execute(current_user)
respond_to do |format|
format.html { redirect_to new_user_session_path, notice: "Account successfully removed." }
format.html do
session.try(:destroy)
redirect_to new_user_session_path, notice: "Account successfully removed."
end
end
end
......
---
title: Destroy a user's session when they delete their own account
merge_request:
author:
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment