Description: ------------ this method, although understandably a wrapper for the perm container, does not affirm that the user is still logged in and/or $_auth is not null before proceeding to check the rights of the user. the logout() function only bothers to set $_auth to null when cleaning up. given that, it seems possible that the LoginManager could logout a user, but still check rights on him... which doesn't seem reasonable since, for all intents and purposes, logging out effectly shuts down most of the rest of the LoginManager... and if there's no user logged in anymore, there should no longer be an association with the old user's perm container (which was initialized with his user id).

I think logout should simply also set $this->_perm = null;

This bug has been fixed in CVS. In case this was a documentation problem, the fix will show up at the end of next Sunday (CET) on pear.php.net. In case this was a pear.php.net website problem, the change will show up on the website in short time. Thank you for the report, and for helping us make PEAR better.