Description of the bug
whenever a user logs out of Noosfero, the session cookie should be destroyed. Currently after I log out,
Noosfero just does not sends the Set-Cookie header back, what makes the browser keep the last cookie it had.
This means that the browser will keep sending the the same cookie over and over again, and the user will
get the "You have been logged out" message over and over again. Instead, Noosfero should explicitly set
the _noosfero_session cookie to an empty string!
Steps to reproduce
Just log out from any site and keep browsing.
-- 23 May 2012
Topic revision: r4 - 20 Jul 2012 - 14:28:43 - LarissaReis