From 9c959b259c25a591be9ae26caac0a0a4467f7720 Mon Sep 17 00:00:00 2001
From: Thibaut Horel <thibaut.horel@gmail.com>
Date: Sun, 30 Dec 2018 06:34:30 -0500
Subject: Improve logout

---
 main.go  | 16 ++++++++++------
 store.go |  6 ++++++
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/main.go b/main.go
index a5de4dc..174a610 100644
--- a/main.go
+++ b/main.go
@@ -87,13 +87,17 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func (app *App) logoutHandler(w http.ResponseWriter, r *http.Request) {
-	c := http.Cookie{
-		Name:   "id",
-		Value:  "",
-		Domain: "." + app.Domain,
-		MaxAge: 0,
+	if s, ok := app.validate(r); ok {
+		// should we save old sessions in another table?
+		app.DeleteSession(s.Id)
+		c := http.Cookie{
+			Name:   "id",
+			Value:  "",
+			Domain: "." + app.Domain,
+			MaxAge: -1,
+		}
+		http.SetCookie(w, &c)
 	}
-	http.SetCookie(w, &c)
 	http.Redirect(w, r, "/login", http.StatusSeeOther)
 }
 
diff --git a/store.go b/store.go
index 89698ea..5e76cfc 100644
--- a/store.go
+++ b/store.go
@@ -24,6 +24,7 @@ type Store interface {
 	GetSession(id string) (*Session, bool)
 	NewSession(userId int64) *Session
 	GetUser(name string) (*User, bool)
+	DeleteSession(id string)
 }
 
 type PgStore struct {
@@ -66,6 +67,11 @@ func (store *PgStore) NewSession(userId int64) *Session {
 	return s
 }
 
+func (store *PgStore) DeleteSession(id string) {
+	store.Query("DELETE FROM sessions WHERE id = $1", id)
+	delete(store.sessionCache, id)
+}
+
 func (store *PgStore) GetUser(name string) (*User, bool) {
 	u := &User{Name: name}
 	row := store.QueryRow(
-- 
cgit v1.2.3-70-g09d2