From 0a89528d580596a694b05d3853a7627ac75dd5df Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Tue, 8 Nov 2022 13:40:17 +0000
Subject: [PATCH] Bug 31908: Resolve second login with another userid

Somewhere the line undef $userid got removed.
We need it to resolve the second login situation.

Test plan:
Login in staff with user missing privileges.
On the login form login again with another staff user.
Note that you do no longer crash.

Run t/db../Auth.t
Run t/db../Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
(cherry picked from commit 2d0a2c44e7def9002b6fc11a83c3219d070343a3)
---
 C4/Auth.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index a243f88565..e0b73e8729 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -918,6 +918,7 @@ sub checkauth {
                 $cookie = $cookie_mgr->clear_unless( $query->cookie, @$cookie );
                 C4::Context::_unset_userenv($sessionID);
                 $sessionID = undef;
+                undef $userid; # IMPORTANT: this assures us a new session in code below
 
                 if ($cas and $caslogout) {
                     logout_cas($query, $type);
-- 
2.39.2