From a17690dc91308773acc4d9970b61b0e993f4850e Mon Sep 17 00:00:00 2001
From: Jakob Ketterl <jakob.ketterl@gmx.de>
Date: Mon, 3 May 2021 23:22:28 +0200
Subject: [PATCH] clear session cookie if invalid

---
 owrx/controllers/admin.py   | 7 ++++++-
 owrx/controllers/session.py | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/owrx/controllers/admin.py b/owrx/controllers/admin.py
index 8777164..803eeb8 100644
--- a/owrx/controllers/admin.py
+++ b/owrx/controllers/admin.py
@@ -1,6 +1,7 @@
-from .session import SessionStorage
+from owrx.controllers.session import SessionStorage
 from owrx.users import UserList
 from urllib import parse
+from http.cookies import SimpleCookie
 
 import logging
 
@@ -41,6 +42,10 @@ class AuthorizationMixin(object):
         if self.isAuthorized():
             super().handle_request()
         else:
+            cookie = SimpleCookie()
+            cookie["owrx-session"] = ""
+            cookie["owrx-session"]["expires"] = "Thu, 01 Jan 1970 00:00:00 GMT"
+            self.set_response_cookies(cookie)
             if (
                 "x-requested-with" in self.request.headers
                 and self.request.headers["x-requested-with"] == "XMLHttpRequest"
diff --git a/owrx/controllers/session.py b/owrx/controllers/session.py
index a140683..6807a91 100644
--- a/owrx/controllers/session.py
+++ b/owrx/controllers/session.py
@@ -1,4 +1,4 @@
-from .template import WebpageController
+from owrx.controllers.template import WebpageController
 from urllib.parse import parse_qs, urlencode
 from uuid import uuid4
 from http.cookies import SimpleCookie