Delete session if secret id is not found

[rmunn]

This loses the feature where if there is no id then ID of 1 is assumed. Was that the intent? As it is now, if the session cookie does not contain &id= then shouldDestroy is set to true and the first (most recent) secret is not tried.

[pixelmund]

You're absolutely right, i think i have it correct now. If there is no ID we set the decodeID to 1. If there is no secret with the decodeID. I use the most recent secret.