diff --git a/ChangeLog b/ChangeLog
index 510444070..8dbaacb56 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -53,6 +53,9 @@
      [channels.c]
      don't delete the auth socket in channel_stop_listening()
      auth_sock_cleanup_proc() will take care of this.
+   - markus@cvs.openbsd.org 2001/06/05 16:46:19
+     [session.c]
+     let session_close() delete the pty.  deny x11fwd if xauthfile is set.
 
 20010606
  - OpenBSD CVS Sync
@@ -5564,4 +5567,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1262 2001/06/09 01:32:29 mouring Exp $
+$Id: ChangeLog,v 1.1263 2001/06/09 01:34:15 mouring Exp $
diff --git a/session.c b/session.c
index cedd8ad6f..a29546d2f 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.81 2001/06/04 23:16:16 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.82 2001/06/05 16:46:19 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -124,6 +124,7 @@ void	session_set_fds(Session *s, int fdin, int fdout, int fderr);
 void	session_pty_cleanup(Session *s);
 void	session_proctitle(Session *s);
 int	session_setup_x11fwd(Session *s);
+void	session_close(Session *s);
 void	do_exec_pty(Session *s, const char *command);
 void	do_exec_no_pty(Session *s, const char *command);
 void	do_login(Session *s, const char *command);
@@ -413,9 +414,9 @@ do_authenticated1(Authctxt *authctxt)
 				do_exec_pty(s, command);
 			else
 				do_exec_no_pty(s, command);
-
 			if (command != NULL)
 				xfree(command);
+			session_close(s);
 			return;
 
 		default:
@@ -658,7 +659,6 @@ do_exec_pty(Session *s, const char *command)
 	} else {
 		server_loop(pid, ptyfd, fdout, -1);
 		/* server_loop _has_ closed ptyfd and fdout. */
-		session_pty_cleanup(s);
 	}
 }
 
@@ -2047,7 +2047,7 @@ session_setup_x11fwd(Session *s)
 		packet_send_debug("No xauth program; cannot forward with spoofing.");
 		return 0;
 	}
-	if (s->display != NULL) {
+	if (s->display != NULL || xauthfile != NULL) {
 		debug("X11 display already set.");
 		return 0;
 	}
@@ -2079,6 +2079,5 @@ session_setup_x11fwd(Session *s)
 void
 do_authenticated2(Authctxt *authctxt)
 {
-
 	server_loop2();
 }