From d87cc35a5c4c6065f48140b0e73ea1f1ff46003f Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@git.wordpress.org>
Date: Sun, 7 May 2017 16:53:51 +0000
Subject: [PATCH] Users: Clear the user settings cookies when clearing auth
 cookies.

This prevents lingering cookies when logging out and when switching between user accounts.

Props soulseekah, shanee
Fixes #32567


git-svn-id: https://develop.svn.wordpress.org/trunk@40580 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/pluggable.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 2b9d912958..eaaf47d154 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -938,6 +938,7 @@ function wp_clear_auth_cookie() {
 		return;
 	}
 
+	// Auth cookies
 	setcookie( AUTH_COOKIE,        ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH,   COOKIE_DOMAIN );
 	setcookie( SECURE_AUTH_COOKIE, ' ', time() - YEAR_IN_SECONDS, ADMIN_COOKIE_PATH,   COOKIE_DOMAIN );
 	setcookie( AUTH_COOKIE,        ' ', time() - YEAR_IN_SECONDS, PLUGINS_COOKIE_PATH, COOKIE_DOMAIN );
@@ -945,6 +946,10 @@ function wp_clear_auth_cookie() {
 	setcookie( LOGGED_IN_COOKIE,   ' ', time() - YEAR_IN_SECONDS, COOKIEPATH,          COOKIE_DOMAIN );
 	setcookie( LOGGED_IN_COOKIE,   ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH,      COOKIE_DOMAIN );
 
+	// Settings cookies
+	setcookie( 'wp-settings-' . get_current_user_id(),      ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+	setcookie( 'wp-settings-time-' . get_current_user_id(), ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH );
+
 	// Old cookies
 	setcookie( AUTH_COOKIE,        ' ', time() - YEAR_IN_SECONDS, COOKIEPATH,     COOKIE_DOMAIN );
 	setcookie( AUTH_COOKIE,        ' ', time() - YEAR_IN_SECONDS, SITECOOKIEPATH, COOKIE_DOMAIN );