When deleting a session, the cookies are set to empty values, however they remain in the user's browser, which will then send those cookies even if there's no session added to it. In the same line, if you clear() a session, the "*_data" cookie is still laying around (with the value of "{}").
The second commit on my fork addresses this problem, setting the "expires" to 0 to effectively delete the cookie(s) when not needed anymore.
When deleting a session, the cookies are set to empty values, however they remain in the user's browser, which will then send those cookies even if there's no session added to it. In the same line, if you clear() a session, the "*_data" cookie is still laying around (with the value of "{}").
The second commit on my fork addresses this problem, setting the "expires" to 0 to effectively delete the cookie(s) when not needed anymore.