From 56593e05e694544f20334816ba9e8ac85a837614 Mon Sep 17 00:00:00 2001
From: tanner0101 <me@tanner.xyz>
Date: Tue, 14 Aug 2018 13:57:15 -0400
Subject: [PATCH] unauth session if no user is authed when sending response,
 fixes #52

---
 .../Persist/AuthenticationSessionsMiddleware.swift          | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Sources/Authentication/Persist/AuthenticationSessionsMiddleware.swift b/Sources/Authentication/Persist/AuthenticationSessionsMiddleware.swift
index 8ff0598..2a7cdf7 100644
--- a/Sources/Authentication/Persist/AuthenticationSessionsMiddleware.swift
+++ b/Sources/Authentication/Persist/AuthenticationSessionsMiddleware.swift
@@ -26,9 +26,13 @@ public final class AuthenticationSessionsMiddleware<A>: Middleware where A: Sess
         return future.flatMap {
             // respond to the request
             return try next.respond(to: req).map { res in
-                // if a user is authed, store in the session
                 if let a = try req.authenticated(A.self) {
+                    // if a user has been authed (or is still authed), store in the session
                     try req.authenticateSession(a)
+                } else {
+                    // if no user is authed, it's possible they've been unauthed.
+                    // remove from session.
+                    try req.unauthenticateSession(A.self)
                 }
                 return res
             }