Unable to terminate session

[martinskou]

As the session-strategy always add an ring.middleware.anti-forgery/anti-forgery-token to then :session in response, its impossible to delete the session on the server.

Because the normal way to delete a session is to assoc :session with nil. https://github.com/ring-clojure/ring/wiki/Sessions

[weavejester]

Thanks for the report. I'll accept a PR to fix this.