From fc7b0984173d3fb4a77be3bf9250561b7a504917 Mon Sep 17 00:00:00 2001
From: emsearcy <emsearcy@137284.no-reply.drupal.org>
Date: Fri, 11 Jul 2014 16:50:09 -0700
Subject: [PATCH] Prevent cached anon user with phpCAS session

---
 cas.module | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/cas.module b/cas.module
index 1833673..a61a690 100644
--- a/cas.module
+++ b/cas.module
@@ -106,6 +106,8 @@ function cas_login_check($force_authentication = TRUE) {
   // Bail out if a module denied login access for this user or unset the user
   // name.
   if (empty($cas_user['login']) || empty($cas_user['name'])) {
+    unset($_SESSION['phpCAS']['user']);
+
     // Only set a warning if we forced login.
     if ($force_authentication) {
       drupal_set_message(t('The user account %name is not available on this site.', array('%name' => $cas_user['name'])), 'error');
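Review bot: The added `unset($_SESSION['phpCAS']['user']);` at the top of this bail-out branch has no comment saying why the phpCAS user is dropped, and the same bare line is added in the `$blocked` branch and the final `else` branch. A short comment at each site would help, for example `// Drop the phpCAS user so a denied login is not left attached to this session.` That wording is inferred from the commit subject, so adjust it if the intent differs. The body of cas_login_check() begins and continues outside this hunk.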
@@ -128,6 +130,8 @@ function cas_login_check($force_authentication = TRUE) {
   // }
 
   if ($blocked) {
+    unset($_SESSION['phpCAS']['user']);
+
     // Only display error messages only if the user intended to log in.
     if ($force_authentication) {
       watchdog('cas', $blocked, array('%cas_name' => $cas_name), WATCHDOG_WARNING);
@@ -147,6 +151,7 @@ function cas_login_check($force_authentication = TRUE) {
       // The account could not be created, set a message.
       if ($force_authentication) {
         drupal_set_message(t('A new account could not be created for %cas_name. The username is already in use on this site.', array('%cas_name' => $cas_name)), 'error');
+        unset($_SESSION['phpCAS']);
       }
       return;
     }
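Review bot: The new `unset($_SESSION['phpCAS']);` sits inside `if ($force_authentication)`, so when account creation fails during a non-forced check the function returns with the phpCAS session data still in place. That looks like the state this commit is trying to avoid. It also clears the whole `phpCAS` array, while the other three sites in this patch clear only the `user` key. Consider moving the line above the `if` and using the same form as elsewhere, `unset($_SESSION['phpCAS']['user']);`, or add a comment explaining why this path differs. The enclosing block starts outside this hunk.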
@@ -187,7 +192,7 @@ function cas_login_check($force_authentication = TRUE) {
   }
   else {
     $user = drupal_anonymous_user();
-    unset($_SESSION['phpCAS']);
+    unset($_SESSION['phpCAS']['user']);
 
     // Only display error messages only if the user intended to log in.
     if ($force_authentication) {
-- 
2.0.0

