From 526b3cd9ec52c934dfdedc149c8534f65b665e6d Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Fri, 15 May 2020 16:41:05 -0400
Subject: [PATCH] fix: #8142 invalid session warning if server-side session destroyed
Resolved regression caused by 5a0c7c1497ed2de84ad317f7e3fcc6b1354b08eb
---
 src/middleware/headers.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/middleware/headers.js b/src/middleware/headers.js
index 453c75736f..e1486145fa 100644
--- a/src/middleware/headers.js
+++ b/src/middleware/headers.js
@@ -56,8 +56,9 @@ module.exports = function (middleware) {
 }
 // Ensure that the session is valid. This block guards against edge-cases where the server-side session has
- // been deleted (but client-side cookie still exists)
- if (req.uid > 0 && !req.session.meta && !res.get('Set-Cookie')) {
+ // been deleted (but client-side cookie still exists).
+ // req.session.flash is present if you visit register/login, so all logged-in users have it, but it is missing if your server-side session got destroyed.
+ if (!req.session.flash && !req.session.meta && !res.get('Set-Cookie')) {
 res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
 }
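Review bot: With the `req.uid > 0` short-circuit removed, the new `if` reads `req.session.flash` on every request, so it would throw if this middleware ever runs where `req.session` is undefined, and it now also matches guests who never visited register/login. For those guests each response would carry a cookie-clearing `Set-Cookie`, which may discard a legitimate guest session and whatever is stored in it; whether such sessions exist on this path is not visible in the hunk. Consider `if (req.session && !req.session.flash && !req.session.meta && !res.get('Set-Cookie')) {`, and extend the comment to state that `flash` is only a heuristic for "the server-side session still exists" and which login paths (plugins, API) are expected to set it. The enclosing function starts and ends outside the hunk.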