diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index bbe0cb9775..32e7ad3fbd 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -90,6 +90,17 @@ h1 {
 }
 if (!UserRights::Login($sAuthUser, $sAuthPwd))
 {
+ // Unset all of the session variables.
+ $_SESSION = array();
+ // If it's desired to kill the session, also delete the session cookie.
+ // Note: This will destroy the session, and not just the session data!
+ if (isset($_COOKIE[session_name()]))
+ {
+ setcookie(session_name(), '', time()-3600, '/');
+ }
+ // Finally, destroy the session.
+ session_destroy();
+
 $oPage = new login_web_page();
 $oPage->DisplayLoginForm( true /* failed attempt */);
 $oPage->output();
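Review bot: The added `setcookie(session_name(), '', time()-3600, '/')` hard-codes the path `/` and passes no domain, secure or httponly values, so when the session cookie was issued with other parameters the browser does not match it and the stale identifier stays in place; unless `session.use_strict_mode` is enabled, the next `session_start()` will adopt that same identifier again. Take the attributes from the runtime instead: `$aParams = session_get_cookie_params();` followed by `setcookie(session_name(), '', time() - 3600, $aParams['path'], $aParams['domain'], $aParams['secure'], $aParams['httponly']);`. The three added comments are generic and do not say why a failed login tears the session down; a line such as `// Failed login: discard any state left from an earlier session so it cannot be reused` would record the intent. The `if` block continues outside the hunk, so whether the success path regenerates the identifier with `session_regenerate_id(true)` cannot be confirmed from here and is worth checking alongside this change.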