diff --git a/src/session.rs b/src/session.rs
index 87700fa2c0068ed34ab022a28dda7f045dc57cd0..d4029a85bfb0f3de29a70b684f74b29f332376d5 100644
--- a/src/session.rs
+++ b/src/session.rs
@@ -59,7 +59,10 @@ impl<'a> FromRequest<'a> for Session {
 unsafe {
 if !SESSIONS.contains_key(&token) {
 println!("Invalid Token: {:?},", token);
- Outcome::Error((Status::Unauthorized, "Invalid Token"))
+ //remove the invalid token
+ req.cookies().remove_private("session-token");
+ // We forward so there can be not-logged in paths
+ return Outcome::Forward(Status::Unauthorized);
 } else {
 Outcome::Success(Session { token })
 }
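Review bot: Returning `Outcome::Forward(Status::Unauthorized)` in the invalid-token branch means the guard no longer ends the request with a 401, so Rocket goes on to try the next matching route. Every path that must stay private therefore needs to have no lower-ranked sibling route without a `Session` guard, and that contract deserves a comment at this branch such as `// Unknown token: clear the cookie and forward; only routes without a Session guard may match from here`. The explicit `return ...;` is also inconsistent with the tail expression in the `else` arm and can be written as plain `Outcome::Forward(Status::Unauthorized)`. The removal cookie only clears the browser's copy if its path and domain match the ones used when `session-token` was set, which is not visible here and should be confirmed. The enclosing function and the definition of `SESSIONS` lie outside this hunk; if `SESSIONS` is a mutable global, as the `unsafe` block suggests, the read should be behind a lock when requests are served concurrently.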