3 files changed, 18 insertions, 4 deletions

diff --git a/app/controllers/admin_user_controller.rb b/app/controllers/admin_user_controller.rb
index 12b4e553f..b2c084739 100644
--- a/app/controllers/admin_user_controller.rb
+++ b/app/controllers/admin_user_controller.rb
@@ -77,6 +77,7 @@ class AdminUserController < AdminController
         post_redirect = PostRedirect.new( :uri => main_url(user_url(@admin_user)), :user_id => @admin_user.id)
         post_redirect.save!
         url = main_url(confirm_url(:email_token => post_redirect.email_token, :only_path => true))
+        session[:user_id] = nil # Log out current (usually admin) user, so we get logged in as the other user
 
         redirect_to url
     end
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index f49fc9165..403cb9684 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -182,9 +182,11 @@ class UserController < ApplicationController
             return
         end
 
-        @user = post_redirect.user
-        @user.email_confirmed = true
-        @user.save!
+        if !User.stay_logged_in_on_redirect?(@user)
+            @user = post_redirect.user
+            @user.email_confirmed = true
+            @user.save!
+        end
 
         session[:user_id] = @user.id
         session[:user_circumstance] = post_redirect.circumstance
diff --git a/app/models/user.rb b/app/models/user.rb
index 28d130c46..59a84b7aa 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -61,7 +61,8 @@ class User < ActiveRecord::Base
         :values => [ 
              [ :created_at_numeric, 1, "created_at", :number ] # for sorting
         ],
-        :terms => [ [ :variety, 'V', "variety" ] ]
+        :terms => [ [ :variety, 'V', "variety" ] ],
+        :if => :indexed_by_search?
     def created_at_numeric
         # format it here as no datetime support in Xapian's value ranges
         return self.created_at.strftime("%Y%m%d%H%M%S") 
@@ -264,6 +265,12 @@ class User < ActiveRecord::Base
     def User.view_hidden_requests?(user)
       !user.nil? && user.admin_level == 'super'
     end
+
+    # Should the user be kept logged into their own account
+    # if they follow a /c/ redirect link belonging to another user?
+    def User.stay_logged_in_on_redirect?(user)
+      !user.nil? && user.admin_level == 'super'
+    end
      
     # Does the user get "(admin)" links on each page on the main site?
     def admin_page_links?
@@ -388,6 +395,10 @@ class User < ActiveRecord::Base
     def should_be_emailed?
         return (self.email_confirmed && self.email_bounced_at.nil?)
     end
+    
+    def indexed_by_search?
+        return self.email_confirmed
+    end
 
     ## Private instance methods
     private