fix: #8142 invalid session warning if server-side session destroyed

Resolved regression caused by 5a0c7c1497
5 years ago · 526b3cd9ec
parent 5fd81c5c04
commit 526b3cd9ec
1 changed files with 3 additions and 2 deletions
--- a/src/middleware/headers.js
+++ b/src/middleware/headers.js
@ -56,8 +56,9 @@ module.exports = function (middleware) {
 		}

 		// Ensure that the session is valid. This block guards against edge-cases where the server-side session has
-		// been deleted (but client-side cookie still exists)
-		if (req.uid > 0 && !req.session.meta && !res.get('Set-Cookie')) {
+		// been deleted (but client-side cookie still exists).
+		// req.session.flash is present if you visit register/login, so all logged-in users have it, but it is missing if your server-side session got destroyed.
+		if (!req.session.flash && !req.session.meta && !res.get('Set-Cookie')) {
 			res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
 		}