From 3483c8318f2e8cd5d0769e81930c2d5a28f49791 Mon Sep 17 00:00:00 2001
From: Sam
Date: Wed, 28 Jan 2015 12:56:25 +1100
Subject: [PATCH] FEATURE: logging out logs you out everywhere can be disabled by changing the setting "log_out_strict" to false
---
 config/locales/server.en.yml | 1 +
 config/site_settings.yml | 1 +
 lib/auth/default_current_user_provider.rb | 5 +++++
 lib/current_user.rb | 2 +-
 4 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 045aeca7eee..22ad4af979d 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -768,6 +768,7 @@ en:
 email_domains_blacklist: "A list of email domains that users are not allowed to register accounts with. Example: mailinator.com trashmail.net"
 email_domains_whitelist: "A list of email domains that users MUST register accounts with. WARNING: Users with email domains other than those listed will not be allowed!"
 forgot_password_strict: "Don't inform users of an account's existance when they use the forgot password dialog."
+ log_out_strict: "When logging out, log out ALL sessions for the user on all devices"
 version_checks: "Ping the Discourse Hub for version updates and show new version messages on the /admin dashboard"
 new_version_emails: "Send an email to the contact_email address when a new version of Discourse is available."
diff --git a/config/site_settings.yml b/config/site_settings.yml
index 2bc8133562a..25acf591241 100644
--- a/config/site_settings.yml
+++ b/config/site_settings.yml
@@ -234,6 +234,7 @@ login:
 default: ''
 type: list
 forgot_password_strict: false
+ log_out_strict: true
 users:
 min_username_length:
diff --git a/lib/auth/default_current_user_provider.rb b/lib/auth/default_current_user_provider.rb
index 9772a037d7a..1e5cec773a3 100644
--- a/lib/auth/default_current_user_provider.rb
+++ b/lib/auth/default_current_user_provider.rb
@@ -82,6 +82,11 @@ class Auth::DefaultCurrentUserProvider
 end
 def log_off_user(session, cookies)
+ if SiteSetting.log_out_strict && (user = current_user)
+ user.auth_token = nil
+ user.save!
+ MessageBus.publish "/logout", user.id, user_ids: [user.id]
+ end
 cookies[TOKEN_COOKIE] = nil
 end
diff --git a/lib/current_user.rb b/lib/current_user.rb
index 97658574195..dc81ca43ca0 100644
--- a/lib/current_user.rb
+++ b/lib/current_user.rb
@@ -27,7 +27,7 @@ module CurrentUser
 end
 def current_user
- c = current_user_provider.current_user
+ current_user_provider.current_user
 end
 private
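Review bot: In `log_off_user` (lib/auth/default_current_user_provider.rb) the new `user.save!` runs before `cookies[TOKEN_COOKIE] = nil`, so if the save raises (assuming `user` is an ActiveRecord model, any failing validation on the record would do it) the logout aborts with the cookie still set and the stored token still valid. Clearing the cookie first, or writing only the token with `user.update_column(:auth_token, nil)`, keeps logout from depending on the rest of the record being valid; check that no callback relies on the full save. With `log_out_strict` turned off the stored `auth_token` is left untouched, so a copied cookie value presumably stays usable after logout, and a comment at the `if` such as `# when disabled, logout only clears this browser's cookie; the server-side token is NOT revoked` would make that trade-off explicit. `current_user` is defined outside this hunk, so how it resolves the user for this request is not visible here.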