From d17bc6115ffec04ecabc7e217e29cec6f533a6af Mon Sep 17 00:00:00 2001
From: alexm
Date: Wed, 12 Jul 2023 07:17:20 +0200
Subject: [PATCH 1/2] refs #5863 logout remove $_SESSION['user']
---
 js/vn/json-connection.js | 1 +
 rest/user/logout.php | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 rest/user/logout.php
diff --git a/js/vn/json-connection.js b/js/vn/json-connection.js
index 6a088aaa..e06a0c4e 100644
--- a/js/vn/json-connection.js
+++ b/js/vn/json-connection.js
@@ -86,6 +86,7 @@ module.exports = new Class({
 headers: {'Authorization': token} };
 await this.post('Accounts/logout', null, config);
+ await this.send('user/logout');
 }
 },
diff --git a/rest/user/logout.php b/rest/user/logout.php
new file mode 100644
index 00000000..a7e7e849
--- /dev/null
+++ b/rest/user/logout.php
@@ -0,0 +1,7 @@ + Date: Wed, 12 Jul 2023 08:34:47 +0200
Subject: [PATCH 2/2] refs #5863 fix remove user session
---
 debian/changelog | 2 +-
 package.json | 2 +-
 web/service.php | 14 ++++++--------
 3 files changed, 8 insertions(+), 10 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index b067011e..51881885 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-hedera-web (23.6.17) stable; urgency=low
+hedera-web (23.6.18) stable; urgency=low
 * Initial Release.
diff --git a/package.json b/package.json
index 109f2cf3..155089d2 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "hedera-web",
- "version": "23.6.17",
+ "version": "23.6.18",
 "description": "Verdnatura web page",
 "license": "GPL-3.0",
 "repository": {
diff --git a/web/service.php b/web/service.php
index d18bd6b8..f9ee20f3 100644
--- a/web/service.php
+++ b/web/service.php
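Review bot: In js/vn/json-connection.js, the added `await this.send('user/logout');` only runs when the preceding `await this.post('Accounts/logout', null, config);` resolves, so if that request rejects (for example because the token is already expired) the PHP-side `$_SESSION['user']` is never cleared. Unless the caller handles this outside the hunk, make the session cleanup unconditional: `try { await this.post('Accounts/logout', null, config); } finally { await this.send('user/logout'); }`. The enclosing method starts outside the hunk, so its existing error handling is not visible here.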
@@ -150,9 +150,6 @@ abstract class Service {
 if (!empty($_GET['access_token'])) $token = $_GET['access_token'];
- error_log("Start login logs\n");
- error_log("_SERVER_HTTP_AUTHORIZATION: " . $_SERVER['HTTP_AUTHORIZATION'] . " _GET_Access_token: " . $_GET['access_token'] . "EndLine\n");
-
 if (isset($token)) {
 $userId = $db->getValue( 'SELECT userId FROM salix.AccessToken
@@ -161,8 +158,10 @@ abstract class Service {
 [$token] );
- if (!$userId)
+ if (!$userId) {
+ $_SESSION['user'] = null;
 throw new SessionExpiredException();
+ }
 $anonymousUser = FALSE;
 $user = $db->getValue(
@@ -178,11 +177,12 @@ abstract class Service {
 [$user] );
- if (!$isActive)
+ if (!$isActive) {
+ $_SESSION['user'] = null;
 throw new UserDisabledException();
+ }
 }
- error_log("user: " . $user . "EndLine\n");
 $db->query('CALL account.myUser_loginWithName(#)', [$user]);
 $userChanged = !$anonymousUser
@@ -191,8 +191,6 @@ abstract class Service {
 $_SESSION['user'] = $user; // Registering the user access
- error_log("SESSION_Access: " . $_SESSION['access'] . " _userChanged: " . $userChanged . " _SESSION_User: " . $_SESSION['user'] . "EndLine\n");
- error_log("End login logs\n");
 if (isset($_SESSION['access']) && $userChanged) $db->query( 'CALL visitUser_new(#, #)',
--
2.40.1
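Review bot: In web/service.php, the two new failure branches (the hunks at -161 and -178) reset only `$_SESSION['user']` before throwing. `$_SESSION['access']`, which the same function reads further down, is left in place and the session id is kept. If that key or any other session state is bound to the authenticated identity, it survives an expired token or a disabled account; consider clearing the identity-bound keys together, and calling `session_regenerate_id(true)` after the reset. The same two-line reset is repeated in both branches, so a small private helper would keep them in sync. The function starts and ends outside these hunks, so what else it stores in the session is not visible here.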