From 32ff15e1f1b0102d0a8c01ef6da79990846cf085 Mon Sep 17 00:00:00 2001
From: Alan Hamlett
Date: Sat, 28 Jul 2018 20:10:43 -0700
Subject: [PATCH 1/3] clear session identifier on logout
---
 flask_login/utils.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/flask_login/utils.py b/flask_login/utils.py
index 904fb005..09b70157 100644
--- a/flask_login/utils.py
+++ b/flask_login/utils.py
@@ -195,6 +195,9 @@ def logout_user():
 if '_fresh' in session:
 session.pop('_fresh')
+ if '_id' in session:
+ session.pop('_id')
+
 cookie_name = current_app.config.get('REMEMBER_COOKIE_NAME', COOKIE_NAME)
 if cookie_name in request.cookies:
 session['remember'] = 'clear'
From cd676278c96497058580ba3bffe07e579008fd6b Mon Sep 17 00:00:00 2001
From: Alan Hamlett
Date: Sat, 28 Jul 2018 20:16:37 -0700
Subject: [PATCH 2/3] self is login_manager
---
 flask_login/login_manager.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/flask_login/login_manager.py b/flask_login/login_manager.py
index 2e6979f7..8ba7a6e0 100644
--- a/flask_login/login_manager.py
+++ b/flask_login/login_manager.py
@@ -169,7 +169,7 @@ def unauthorized(self):
 config = current_app.config
 if config.get('USE_SESSION_FOR_NEXT', USE_SESSION_FOR_NEXT):
 login_url = expand_login_view(login_view)
- session['_id'] = current_app.login_manager._session_identifier_generator()
+ session['_id'] = self._session_identifier_generator()
 session['next'] = make_next_param(login_url, request.url)
 redirect_url = make_login_url(login_view)
 else:
@@ -282,7 +282,7 @@ def needs_refresh(self):
 config = current_app.config
 if config.get('USE_SESSION_FOR_NEXT', USE_SESSION_FOR_NEXT):
 login_url = expand_login_view(self.refresh_view)
- session['_id'] = current_app.login_manager._session_identifier_generator()
+ session['_id'] = self._session_identifier_generator()
 session['next'] = make_next_param(login_url, request.url)
 redirect_url = make_login_url(self.refresh_view)
 else:
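Review bot: The new branch in logout_user (flask_login/utils.py) has no test in this series: the only test_login.py change, PATCH 3/3, renames an existing test, so nothing asserts that `'_id'` is gone from the session after logout. A test that calls logout_user() with `_id` present and then checks `'_id' not in session` would pin the behaviour. The check-then-pop pair could also be written as one call, `session.pop('_id', None)`, and a comment such as `# drop the session identifier so it is not carried over after logout` would record why the key is removed. logout_user starts and ends outside the hunk, so which other session keys it clears cannot be judged from here.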
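Review bot: The identical edit in unauthorized() and in needs_refresh() (flask_login/login_manager.py) shows that the pair of statements writing `session['_id']` and `session['next']` is duplicated; a small private method on the manager that both call would keep the two redirect paths from drifting apart. Calling `self._session_identifier_generator()` matches the old `current_app.login_manager._session_identifier_generator()` only when this instance is the one registered on the current app, which the commit subject asserts but the hunks do not show, so a one-line comment or a test would help if more than one manager can exist. Both method bodies start and end outside their hunks.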
From da89839cdf2f9b434581fb8f877b2f413e36c285 Mon Sep 17 00:00:00 2001
From: Alan Hamlett
Date: Sat, 28 Jul 2018 20:20:53 -0700
Subject: [PATCH 3/3] fix pep8
---
 test_login.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test_login.py b/test_login.py
index 8cfda8eb..43a54d29 100644
--- a/test_login.py
+++ b/test_login.py
@@ -518,7 +518,7 @@ def login():
 'http://localhost/login')
 self.assertEqual(c.get('/login').data.decode('utf-8'), '/secret')
- def test_unauthorized_with_next_in_strong_session_where_current_user_is_called(self):
+ def test_unauthorized_with_next_in_strong_session(self):
 self.login_manager.login_view = 'login'
 self.app.config['SESSION_PROTECTION'] = 'strong'
 self.app.config['USE_SESSION_FOR_NEXT'] = True