diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 04c3023..0335f01 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -188,12 +188,12 @@ class AccountController < ApplicationController
 private
 def logged_user=(user)
+ reset_session
 if user && user.is_a?(User)
 User.current = user
 session[:user_id] = user.id
 else
 User.current = User.anonymous
- session[:user_id] = nil
 end
 end
 end
diff --git a/test/integration/account_test.rb b/test/integration/account_test.rb
index c6cfd08..d2c757a 100644
--- a/test/integration/account_test.rb
+++ b/test/integration/account_test.rb
@@ -147,6 +147,24 @@ class AccountTest < ActionController::IntegrationTest
 assert user.hashed_password.blank?
 end
+ def test_login_and_logout_should_clear_session
+ get '/login'
+ sid = session.session_id
+
+ post '/login', :username => 'admin', :password => 'admin'
+ assert_redirected_to 'my/page'
+ assert_not_equal sid, session.session_id, "login should reset session"
+ assert_equal 1, session[:user_id]
+ sid = session.session_id
+
+ get '/'
+ assert_equal sid, session.session_id
+
+ get '/logout'
+ assert_not_equal sid, session.session_id, "logout should reset session"
+ assert_nil session[:user_id]
+ end
+
 else
 puts 'Mocha is missing. Skipping tests.'
 end
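Review bot: The new `reset_session` at the top of `logged_user=` has no comment saying that it is there to stop session fixation, or that it has to run before `session[:user_id] = user.id`. A later tidy-up could move it below the assignment and silently log the user out, or drop it and reopen the hole. I would add `# Rotate the session on every login and logout (session fixation); must run before session[:user_id] is assigned` above the call. Because the call is unconditional, everything held in the pre-login session is discarded as well, so any caller outside this hunk that keeps state in the session across login would need to carry it over explicitly; that is worth confirming against the callers. The method is fully visible here, but the class body starts outside the hunk.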
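Review bot: `test_login_and_logout_should_clear_session` does not say that it is a session-fixation regression test, and the bare `1` in `assert_equal 1, session[:user_id]` depends on the admin fixture's id without saying so. I would put `# Session fixation regression: the session id must rotate on login and on logout and stay stable in between` above the method and `# id of the admin fixture` beside the literal. The test checks id rotation only; it does not assert that data stored in the anonymous session is dropped at login, so that half of the `reset_session` behaviour is covered only indirectly. The enclosing class and the `if`/`else` around the test start outside the hunk.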