/logout: Destroy the session object on logout

This allows for using the /logout API to clear a session, (even if the
user hasn't authenticated at all).

diff --git a/lmno.js b/lmno.js
index 86306516878b1f68fd6d980ad9ea4e912692d053..f5de9eb17228c10cac827ee87f468c7fa2fca7ad 100644 (file)
--- a/lmno.js
+++ b/lmno.js
@@ -180,6 +180,7 @@ function auth_admin(request, response, next) {
 
 app.get('/logout', (request, response) => {
   request.session.user = undefined;
+  request.session.destroy();
 
   response.send("You are now logged out.");
 });