From 69982639f2cfd48fb9583856cbf407629e4f291e Mon Sep 17 00:00:00 2001
From: Carl Worth <cworth@cworth.org>
Date: Sat, 23 May 2020 10:24:16 -0700
Subject: [PATCH] /logout: Destroy the session object on logout

This allows for using the /logout API to clear a session, (even if the
user hasn't authenticated at all).
---
 lmno.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lmno.js b/lmno.js
index 8630651..f5de9eb 100644
--- a/lmno.js
+++ b/lmno.js
@@ -180,6 +180,7 @@ function auth_admin(request, response, next) {
 
 app.get('/logout', (request, response) => {
   request.session.user = undefined;
+  request.session.destroy();
 
   response.send("You are now logged out.");
 });
-- 
2.43.0