/**
* Log out a user by removing the related session variables
* Remove any autologin cookies.
*
* @param boolean $destroy completely destroy the session
* @param boolean $logoutAll remove all tokens for user
* @return boolean
*/
public function logout($destroy = false, $logoutAll = false)
{
if ($this->_cookies->has('authautologin')) {
$cookieToken = $this->_cookies->get('authautologin')->getValue();
// Delete the autologin cookie to prevent re-login
$this->_cookies->set('authautologin', "", time() - 3600);
$this->_cookies->delete('authautologin');
// Clear the autologin token from the database
$token = Tokens::findFirst(array('token=:token:', 'bind' => array(':token' => $cookieToken)));
if ($logoutAll) {
// Delete all user tokens
foreach (Tokens::find(array('user_id=:user_id:', 'bind' => array(':user_id' => $token->user_id))) as $_token) {
$_token->delete();
}
} else {
if ($token) {
$token->delete();
}
}
}
// delete session from DB
$this->sessionDb($this->_session->get($this->_config['session_key'])->id, TRUE);
// Destroy the session completely
if ($destroy === true) {
$this->_session->destroy();
} else {
// Remove the user from the session
$this->_session->remove($this->_config['session_key']);
// Remove user's roles from the session
if ($this->_config['session_roles']) {
$this->_session->remove($this->_config['session_roles']);
}
// Regenerate session_id
session_regenerate_id();
}
// Double check
return !$this->logged_in();
}