From 8e92d9b16388646c43219b7dd58ee894b34db227 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Sat, 19 Oct 2024 16:15:39 +0300
Subject: [PATCH] server: remove cookie if it's invalid

---
 cmd/gomuks/server.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cmd/gomuks/server.go b/cmd/gomuks/server.go
index 39f7a1e..feb3bed 100644
--- a/cmd/gomuks/server.go
+++ b/cmd/gomuks/server.go
@@ -213,6 +213,10 @@ func (gmx *Gomuks) AuthMiddleware(next http.Handler) http.Handler {
 				ErrMissingCookie.Write(w)
 				return
 			} else if !gmx.validateAuth(authCookie.Value, false) {
+				http.SetCookie(w, &http.Cookie{
+					Name:   "gomuks_auth",
+					MaxAge: -1,
+				})
 				ErrInvalidCookie.Write(w)
 				return
 			}