Fix unauthorized on index-site for invalid(outdated) tokens

1a3b60c6 · Mika Specht · d324ed1d · 1a3b60c6
Commit 1a3b60c6 authored 1 year ago by Mika Specht
--- a/src/session.rs
+++ b/src/session.rs
@@ -59,7 +59,10 @@ impl<'a> FromRequest<'a> for Session {
 		unsafe {
 			if !SESSIONS.contains_key(&token) {
 				println!("Invalid Token: {:?},", token);
-				Outcome::Error((Status::Unauthorized, "Invalid Token"))
+				//remove the invalid token
+				req.cookies().remove_private("session-token");
+				// We forward so there can be not-logged in paths
+				return Outcome::Forward(Status::Unauthorized);
 			} else {
 				Outcome::Success(Session { token })
 			}