From 3efae186be2cfab172328786d35aaf257343784c Mon Sep 17 00:00:00 2001
From: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Date: Tue, 8 Nov 2022 13:40:17 +0000
Subject: [PATCH] Bug 31908: Resolve second login with another userid

Somewhere the line undef $userid got removed.
We need it to resolve the second login situation.

Test plan:
Login in staff with user missing privileges.
On the login form login again with another staff user.
Note that you do no longer crash.

Run t/db../Auth.t
Run t/db../Koha/Auth/TwoFactorAuth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
---
 C4/Auth.pm | 1 +
 1 file changed, 1 insertion(+)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index 64aa95556a..b70afa9988 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -906,6 +906,7 @@ sub checkauth {
                 $cookie = $cookie_mgr->clear_unless( $query->cookie, @$cookie );
                 C4::Context::_unset_userenv($sessionID);
                 $sessionID = undef;
+                undef $userid; # IMPORTANT: this assures us a new session in code below
             } elsif (!$logout) {
 
                 $cookie = $cookie_mgr->replace_in_list( $cookie, $query->cookie(
-- 
2.20.1