From d0fcd235365760bc20b61eef4ab1685b19f8dbf2 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 23 Jun 2015 09:33:07 +0200
Subject: [PATCH] (mvc) trash session userdata on timeout

---
 .../mvc/app/controllers/OPNsense/Base/ControllerRoot.php       | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php
index 508f60589..59d2622a7 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerRoot.php
@@ -77,6 +77,9 @@ class ControllerRoot extends Controller
             && $this->session->get("last_access") < (time() - 14400)) {
             // session expired (todo, use config timeout)
             $this->getLogger()->error("session expired");
+            // cleanup session data
+            $this->session->remove("Username");
+            $this->session->remove("last_access");
             $this->response->redirect("/", true);
             return false;
         }