Miscellaneous fixes to session handling

modules/member/member.controller.php

@@ -216,6 +216,10 @@ class memberController extends member
 		
 		$autologin_id = intval(Context::get('autologin_id'));
 		$autologin_key = Context::get('autologin_key');
+		if (!$autologin_id || !$autologin_key)
+		{
+			return new Object(-1, 'msg_invalid_request');
+		}
 		
 		$args = new stdClass;
 		$args->autologin_id = $autologin_id;
@@ -2645,14 +2649,6 @@ class memberController extends member
 		setcookie('sso','',$_SERVER['REQUEST_TIME']-42000, '/');
 		setcookie('xeak','',$_SERVER['REQUEST_TIME']-42000, '/');
 		setcookie('xe_logged', 'false', $_SERVER['REQUEST_TIME'] - 42000, '/');
-
-		if($memberSrl || $_COOKIE['xeak'])
-		{
-			$args = new stdClass();
-			$args->member_srl = $memberSrl;
-			$args->autologin_key = $_COOKIE['xeak'];
-			$output = executeQuery('member.deleteAutologin', $args);
-		}
 	}
 
 	function _updatePointByGroup($memberSrl, $groupSrlList)

modules/member/queries/deleteAutologin.xml

@@ -4,6 +4,6 @@
     </tables>
     <conditions>
         <condition operation="equal" column="autologin_key" var="autologin_key" />
-        <condition operation="equal" column="member_srl" var="member_srl" pipe="or" />
+        <condition operation="equal" column="member_srl" var="member_srl" pipe="and" />
     </conditions>
 </query>