From 8ff8a9ca227b2d3e62e21904cf93936786d84b3f Mon Sep 17 00:00:00 2001
From: Massimo Melina <a@rejetto.com>
Date: Sat, 9 May 2020 22:53:10 +0200
Subject: [PATCH] fix: session logout not working

---
 hslib.pas |  4 ++++
 main.pas  | 16 +++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/hslib.pas b/hslib.pas
index 53d01e5..fa622c3 100644
--- a/hslib.pas
+++ b/hslib.pas
@@ -213,6 +213,7 @@ type
     function  getHeader(h:string):string;  // extract the value associated to the specified header field
     function  getCookie(k:string):string;
     procedure setCookie(k, v:string; pairs:array of string; extra:string='');
+    procedure delCookie(k:string);
     function getBuffer():ansistring;
     function  initInputStream():boolean;
     property address:string read P_address;      // other peer ip address
@@ -1016,6 +1017,9 @@ if request.cookies = NIL then
 result:=decodeURL(ansistring(trim(request.cookies.values[k])));
 end; // getCookie
 
+procedure ThttpConn.delCookie(k:string);
+begin setCookie(k,'', ['expires','Thu, 01-Jan-70 00:00:01 GMT']) end;
+
 procedure ThttpConn.setCookie(k, v:string; pairs:array of string; extra:string='');
 var
   i: integer;
diff --git a/main.pas b/main.pas
index 717daa0..67c9343 100644
--- a/main.pas
+++ b/main.pas
@@ -355,6 +355,7 @@ type
     function sessionGet(k:string):string;
     procedure sessionSet(k, v:string);
     procedure disconnect(reason:string);
+    procedure logout();
     end; // Tconndata
 
   Tautosave = record
@@ -2300,6 +2301,16 @@ disconnectReason:=reason;
 conn.disconnect();
 end; // disconnect
 
+procedure TconnData.logout();
+begin
+freeAndNIL(session);
+sessions.delete(sessions.IndexOf(sessionID));
+sessionID:='';
+usr:='';
+pwd:='';
+conn.delCookie(SESSION_COOKIE);
+end; // logout
+
 function Tconndata.sessionGet(k:string):string;
 begin
 try result:=session.values[k];
@@ -4469,7 +4480,7 @@ else if tplLast <> 0 then
 end; // keepTplUpdated
 
 function getNewSID():string;
-begin result:=floatToStr(random()) end;
+begin result:=replaceStr(base64encode(str_(now())+str_(random())), '=','') end;
 
 procedure setNewTplFile(fn:string);
 begin
@@ -5206,8 +5217,7 @@ var
       if s = '' then // logout
         begin
         s:='ok';
-        data.usr:='';
-        data.pwd:='';
+        data.logout();
         end
       else
         s:='username not found'