From 9363cdf5a440c998543107798cd5787c2dddcd89 Mon Sep 17 00:00:00 2001
From: alexm <alexm@verdnatura.es>
Date: Wed, 12 Jul 2023 08:34:47 +0200
Subject: [PATCH] refs #5863 fix remove user session

---
 debian/changelog |  2 +-
 package.json     |  2 +-
 web/service.php  | 14 ++++++--------
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b067011e..51881885 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-hedera-web (23.6.17) stable; urgency=low
+hedera-web (23.6.18) stable; urgency=low
 
   * Initial Release.
 
diff --git a/package.json b/package.json
index 109f2cf3..155089d2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "hedera-web",
-  "version": "23.6.17",
+  "version": "23.6.18",
   "description": "Verdnatura web page",
   "license": "GPL-3.0",
   "repository": {
diff --git a/web/service.php b/web/service.php
index d18bd6b8..f9ee20f3 100644
--- a/web/service.php
+++ b/web/service.php
@@ -150,9 +150,6 @@ abstract class Service {
 		if (!empty($_GET['access_token']))
 			$token = $_GET['access_token'];
 
-		error_log("Start login logs\n");
-		error_log("_SERVER_HTTP_AUTHORIZATION: " . $_SERVER['HTTP_AUTHORIZATION'] . " _GET_Access_token: " . $_GET['access_token'] . "EndLine\n");
-
 		if (isset($token)) {
 			$userId = $db->getValue(
 				'SELECT userId FROM salix.AccessToken
@@ -161,8 +158,10 @@ abstract class Service {
 				[$token]
 			);
 
-			if (!$userId)
+			if (!$userId) {
+				$_SESSION['user'] = null;
 				throw new SessionExpiredException();
+			}
 
 			$anonymousUser = FALSE;
 			$user = $db->getValue(
@@ -178,11 +177,12 @@ abstract class Service {
 				[$user]
 			);
 
-			if (!$isActive)
+			if (!$isActive) {
+				$_SESSION['user'] = null;
 				throw new UserDisabledException();
+			}
 		}
 
-		error_log("user: " . $user . "EndLine\n");
 		$db->query('CALL account.myUser_loginWithName(#)', [$user]);
 
 		$userChanged = !$anonymousUser
@@ -191,8 +191,6 @@ abstract class Service {
 		$_SESSION['user'] = $user;
 
 		// Registering the user access
-		error_log("SESSION_Access: " . $_SESSION['access'] . " _userChanged: " . $userChanged . " _SESSION_User: " . $_SESSION['user'] . "EndLine\n");
-		error_log("End login logs\n");
 		if (isset($_SESSION['access']) && $userChanged)
 			$db->query(
 				'CALL visitUser_new(#, #)',