From: Carl Worth <cworth@cworth.org>
Date: Sat, 23 May 2020 17:24:16 +0000 (-0700)
Subject: /logout: Destroy the session object on logout
X-Git-Url: https://git.cworth.org/git?p=empires-server;a=commitdiff_plain;h=69982639f2cfd48fb9583856cbf407629e4f291e

/logout: Destroy the session object on logout

This allows for using the /logout API to clear a session, (even if the
user hasn't authenticated at all).
---

diff --git a/lmno.js b/lmno.js
index 8630651..f5de9eb 100644
--- a/lmno.js
+++ b/lmno.js
@@ -180,6 +180,7 @@ function auth_admin(request, response, next) {
 
 app.get('/logout', (request, response) => {
   request.session.user = undefined;
+  request.session.destroy();
 
   response.send("You are now logged out.");
 });