Remove remember me token only for the current device (#7799)

* Remove remember me token only for the current device

* Update user_profile.php

core/users/user_profile.php

@@ -406,7 +406,6 @@
 				$array['users'][$x]['salt'] = null;
 
 				//remove remember me tokens
-				setcookie('remember', '', time() - 3600, '/');
 				$sql = "update v_user_logs ";
 				$sql .= "set remember_selector = null, ";
 				$sql .= "remember_validator = null ";
@@ -415,6 +414,10 @@
 				$database->execute($sql, $parameters);
 				unset($sql, $parameters);
 
+				//unset remember me cookie
+				unset($_COOKIE['remember']);
+				setcookie('remember', '', time() - 3600, '/');
+
 				//send the password changed email
 				if (valid_email($user_email)) {
 					//generate email and body variables

logout.php

@@ -31,15 +31,22 @@
 	$logout_destination = $settings->get('login', 'logout_destination', PROJECT_PATH.'/');
 
 //remove remember me token
-	setcookie('remember', '', time() - 3600, '/');
+	if ($_COOKIE['remember']) {
+		$cookie_selector = explode(":", $_COOKIE['remember'])[0];
+
 		$sql = "update v_user_logs ";
 		$sql .= "set remember_selector = null, ";
 		$sql .= "remember_validator = null ";
-	$sql .= "where user_uuid = :user_uuid ";
-	$parameters['user_uuid'] = $_SESSION['user_uuid'];
+		$sql .= "where remember_selector = :remember_selector ";
+		$parameters['remember_selector'] = $cookie_selector;
 		$database->execute($sql, $parameters);
 		unset($sql, $parameters);
 
+		//unset cookie
+		unset($_COOKIE['remember']);
+		setcookie('remember', '', time() - 3600, '/');
+	}
+
 //destroy session
 	session_unset();
 	session_destroy();