diff --git a/web/zm_funcs.php b/web/zm_funcs.php
index 97e8baf39..4e390fb9e 100644
--- a/web/zm_funcs.php
+++ b/web/zm_funcs.php
@@ -28,13 +28,13 @@ function userLogin( $username, $password )
 		echo mysql_error();
 	$HTTP_SESSION_VARS['username'] = $username;
 	$HTTP_SESSION_VARS['password'] = $password;
-	if ( $user = mysql_fetch_assoc( $result ) )
+	if ( $db_user = mysql_fetch_assoc( $result ) )
 	{
-		$HTTP_SESSION_VARS['user'] = $user;
+		$HTTP_SESSION_VARS['user'] = $user = $db_user;
 	}
 	else
 	{
-		$HTTP_SESSION_VARS['user'] = array();
+		unset( $user );
 	}
 	session_write_close();
 }
diff --git a/web/zm_html.php b/web/zm_html.php
index 8a38b316f..910f41ce1 100644
--- a/web/zm_html.php
+++ b/web/zm_html.php
@@ -37,6 +37,10 @@ if ( ZM_OPT_USE_AUTH )
 		$user = $HTTP_SESSION_VARS['user'];
 		define( "ZMU_COMMAND", ZMU_PATH." -U ".$HTTP_SESSION_VARS['username']." -P ".$HTTP_SESSION_VARS['password'] );
 	}
+	else
+	{
+		unset( $user );
+	}
 }
 else
 {