From c7e9f3cb1b9cedb328da28aa5f4237fdc325e68c Mon Sep 17 00:00:00 2001
From: Corey Hulen
Date: Wed, 15 Jun 2016 04:10:22 -0800
Subject: PLT-3264 remove session cookie when switching accounts (#3341)
---
 api/user.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/api/user.go b/api/user.go
index 8e7329f46..b9ae23ac5 100644
--- a/api/user.go
+++ b/api/user.go
@@ -2055,6 +2055,7 @@ func oauthToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 go sendSignInChangeEmail(c, user.Email, c.GetSiteURL(), c.T("api.templates.signin_change_email.body.method_email"))
 RevokeAllSession(c, c.Session.UserId)
+ c.RemoveSessionCookie(w, r)
 if c.Err != nil {
 return
 }
@@ -2111,6 +2112,7 @@ func emailToLdap(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 RevokeAllSession(c, user.Id)
+ c.RemoveSessionCookie(w, r)
 if c.Err != nil {
 return
 }
@@ -2194,6 +2196,7 @@ func ldapToEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 }
 RevokeAllSession(c, user.Id)
+ c.RemoveSessionCookie(w, r)
 if c.Err != nil {
 return
 }
-- 
cgit v1.2.3-1-g7c22
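Review bot: The added `c.RemoveSessionCookie(w, r)` sits before the `if c.Err != nil` check in all three hunks (oauthToEmail, emailToLdap, ldapToEmail), so the browser cookie is cleared even when `RevokeAllSession` has presumably failed and set `c.Err`, leaving server-side sessions that may still be valid. If clearing the cookie unconditionally is the intent, say so at the call site, e.g. `// Clear the cookie even if revocation failed; the failure is reported via c.Err below.`, so a later refactor does not move the call under the check or treat the error path as fully signed out. The revoke / remove-cookie / check sequence is now repeated three times; a small shared helper would keep any other sign-in-method switch handler (none are visible in this diff) from omitting the cookie step. All three function bodies begin and end outside the hunks, so what happens after the check is not visible here.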