diff --git a/ChangeLog b/ChangeLog
index ee9e9a9d8..37396e864 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 + [lang] Russian update, thanks to Victor Volkov
 - patch #2143882 [import] Temporary uploaded file not deleted,
   thanks to David Misc - dmisc
+- bug #2136986 [auth] Cannot create database after session timeout 
 
 3.0.0.0 (2008-09-27)
 + [export] properly handle line breaks for YAML, thanks to Dan Barry -
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index 9d8669858..dbe719b15 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -407,6 +407,10 @@ function PMA_auth_check()
     if (! empty($_REQUEST['old_usr'])) {
         // The user wants to be logged out
         // -> delete his choices that were stored in session
+
+        // according to the PHP manual we should do this before the destroy:
+        $_SESSION = array();
+
         session_destroy();
         // -> delete password cookie(s)
         if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
@@ -459,6 +463,11 @@ function PMA_auth_check()
 
     // User inactive too long
     if ($_SESSION['last_access_time'] < time() - $GLOBALS['cfg']['LoginCookieValidity']) {
+        PMA_cacheUnset('is_create_db_priv', true);
+        PMA_cacheUnset('is_process_priv', true);
+        PMA_cacheUnset('is_reload_priv', true);
+        PMA_cacheUnset('db_to_create', true);
+        PMA_cacheUnset('dbs_where_create_table_allowed', true);
         $GLOBALS['no_activity'] = true;
         PMA_auth_fails();
         exit;
diff --git a/libraries/check_user_privileges.lib.php b/libraries/check_user_privileges.lib.php
index 228cdc226..42cd73a34 100644
--- a/libraries/check_user_privileges.lib.php
+++ b/libraries/check_user_privileges.lib.php
@@ -147,6 +147,7 @@ function PMA_analyseShowGrant()
 
     PMA_DBI_free_result($rs_usr);
 
+    // must also PMA_cacheUnset() them in libraries/auth/cookie.auth.lib.php
     PMA_cacheSet('is_create_db_priv', $GLOBALS['is_create_db_priv'], true);
     PMA_cacheSet('is_process_priv', $GLOBALS['is_process_priv'], true);
     PMA_cacheSet('is_reload_priv', $GLOBALS['is_reload_priv'], true);
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 078ec2d4c..7aa987b75 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -2443,7 +2443,7 @@ window.addEvent('domready', function(){
 }
 
 /**
- * Cache information in the session
+ * Verifies if something is cached in the session
  *
  * @param unknown_type $var
  * @param unknown_type $val
@@ -2459,7 +2459,7 @@ function PMA_cacheExists($var, $server = 0)
 }
 
 /**
- * Cache information in the session
+ * Gets cached information from the session
  *
  * @param unknown_type $var
  * @param unknown_type $val
@@ -2479,7 +2479,7 @@ function PMA_cacheGet($var, $server = 0)
 }
 
 /**
- * Cache information in the session
+ * Caches information in the session
  *
  * @param unknown_type $var
  * @param unknown_type $val
@@ -2494,6 +2494,21 @@ function PMA_cacheSet($var, $val = null, $server = 0)
     $_SESSION['cache']['server_' . $server][$var] = $val;
 }
 
+/**
+ * Removes cached information from the session
+ *
+ * @param unknown_type $var
+ * @param unknown_type $server
+ * @return mixed
+ */
+function PMA_cacheUnset($var, $server = 0)
+{
+    if (true === $server) {
+        $server = $GLOBALS['server'];
+    }
+    unset($_SESSION['cache']['server_' . $server][$var]);
+}
+
 /**
  * Converts a bit value to printable format;
  * in MySQL a BIT field can be from 1 to 64 bits so we need this