From a40273bc924a5feefd87eb26b43a82a4a12fdd2f Mon Sep 17 00:00:00 2001
From: "Zed A. Shaw" <zed.shaw@gmail.com>
Date: Sat, 13 Sep 2025 14:26:05 -0400
Subject: [PATCH] Use sess.Destroy() for logout.

---
 api/auth.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/api/auth.go b/api/auth.go
index 1783269..82837e7 100644
--- a/api/auth.go
+++ b/api/auth.go
@@ -76,7 +76,8 @@ func CheckAuthed(c *fiber.Ctx, needs_admin bool) (*session.Session, error) {
   admin := sess.Get("admin") == true
   authed := sess.Get("authenticated") == true
 
-  log.Printf("session admin=%v, session authed=%v, needs_admin = %v", admin, authed, needs_admin)
+  log.Printf("session admin=%v, session authed=%v, needs_admin = %v",
+    sess.Get("admin"), sess.Get("authenticated"), needs_admin)
 
   if needs_admin {
     authed = admin && authed
@@ -96,7 +97,9 @@ func LogoutUser(c *fiber.Ctx) error {
   sess, err := STORE.Get(c)
   if err != nil { return err }
 
-  sess.Set("authenticated", false)
+  err = sess.Destroy()
+  if err != nil { return err }
+
   err = sess.Save()
   return err
 }