2 files changed, 26 insertions, 2 deletions

diff --git a/server/handlers.py b/server/handlers.py
index 5df7161..42f53b4 100644
--- a/server/handlers.py
+++ b/server/handlers.py
@@ -27,6 +27,12 @@ class CreateSession(CodeqService):
         request.reply({'code': 0, 'message': 'OK', 'sid': server.user_session.UserSession().get_sid()})
 
 
+class DestroySession(CodeqService):
+    def process(self, request):
+        request.session.destroy()
+        request.reply({'code': 0, 'message': 'OK'})
+
+
 class Login(CodeqService):
     """Logs in a client, authenticating the session.
     """
@@ -48,9 +54,10 @@ class Login(CodeqService):
                 settings = session.get_settings()
                 request.reply({'code': 0, 'message': 'OK', 'name': name, 'email' : email, 'joined' : date_joined.isoformat(), 'last-login' : last_login.isoformat(), 'settings': settings})
 
+
 class Logout(CodeqService):
     def process(self, request):
-        request.session.destroy()
+        request.session.logout()
         request.reply({'code': 0, 'message': 'OK'})
 
 
@@ -302,6 +309,7 @@ class SamlLogin(CodeqService):
 # maps actions to their handlers
 incoming_handlers = {
     'create_session': CreateSession(),
+    'destroy_session': DestroySession(),
     'login': Login(),
     'signup': Signup(),
     'change_password': ChangePassword(),
@@ -318,7 +326,8 @@ incoming_handlers = {
     'load_problem': LoadProblem(),
     'end_problem': EndProblem(),
     'user_stat': GetUserStat(),
-    'saml_login': SamlLogin()
+    'saml_login': SamlLogin(),
+    'saml_logout': Logout()
 }
 
 
diff --git a/server/user_session.py b/server/user_session.py
index 739da9a..dbf886c 100644
--- a/server/user_session.py
+++ b/server/user_session.py
@@ -154,6 +154,21 @@ class UserSession(object):
                     pass
                 db.return_connection(conn)
 
+    def logout(self):
+        """Logs out the session, rendering it anonymous."""
+        with self._access_lock:
+            lang_session = self._lang_session
+            self._lang_session = None
+            uid = self.uid
+            sid = self.sid
+            username = self.username
+            self.uid = None
+            self.username = None
+            self.settings = {}
+        if lang_session is not None:  # do not handle the language session holding the lock: we may deadlock if the callee calls the caller
+            lang_session.destroy()
+        logging.debug('User session logged out: username={0}, uid={1}, sid={2}'.format(username, uid, sid))
+
     def destroy(self):
         """Destroys the session."""
         with module_access_lock: