From 9c52fd2e74cb07db499361531511a44ed7aaa687 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 2 Apr 2021 10:40:48 -0400
Subject: [PATCH] fix: #9450 express session saved even if saveUninitialized
 explicitly passed in

---
 src/middleware/user.js    | 4 +++-
 src/routes/write/index.js | 4 ++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/middleware/user.js b/src/middleware/user.js
index 845dd56877..32f0cc6955 100644
--- a/src/middleware/user.js
+++ b/src/middleware/user.js
@@ -11,6 +11,7 @@ const privileges = require('../privileges');
 const plugins = require('../plugins');
 const helpers = require('./helpers');
 const auth = require('../routes/authentication');
+const writeRouter = require('../routes/write');
 
 const controllers = {
 	helpers: require('../controllers/helpers'),
@@ -19,11 +20,12 @@ const controllers = {
 
 const passportAuthenticateAsync = function (req, res) {
 	return new Promise((resolve, reject) => {
-		passport.authenticate('core.api', { session: false }, (err, user) => {
+		passport.authenticate('core.api', (err, user) => {
 			if (err) {
 				reject(err);
 			} else {
 				resolve(user);
+				res.on('finish', writeRouter.cleanup.bind(null, req));
 			}
 		})(req, res);
 	});
diff --git a/src/routes/write/index.js b/src/routes/write/index.js
index be236e1355..b62ca2fcc0 100644
--- a/src/routes/write/index.js
+++ b/src/routes/write/index.js
@@ -63,3 +63,7 @@ Write.reload = async (params) => {
 		helpers.formatApiResponse(404, res);
 	});
 };
+
+Write.cleanup = (req) => {
+	req.session.destroy();
+};