Open martinskou opened 5 years ago
As the session-strategy always add an ring.middleware.anti-forgery/anti-forgery-token to then :session in response, its impossible to delete the session on the server.
Because the normal way to delete a session is to assoc :session with nil. https://github.com/ring-clojure/ring/wiki/Sessions
Thanks for the report. I'll accept a PR to fix this.
As the session-strategy always add an ring.middleware.anti-forgery/anti-forgery-token to then :session in response, its impossible to delete the session on the server.
Because the normal way to delete a session is to assoc :session with nil. https://github.com/ring-clojure/ring/wiki/Sessions