clear cookie if non-existent session.

internal/api/router.go

@@ -69,10 +69,12 @@ func (api *ApiManagerCtx) Authenticate(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session, err := api.sessions.Authenticate(r)
 		if err != nil {
+			api.sessions.CookieClearToken(w, r)
 			utils.HttpUnauthorized(w, err)
-		} else {
-			next.ServeHTTP(w, auth.SetSession(r, session))
+			return
 		}
+
+		next.ServeHTTP(w, auth.SetSession(r, session))
 	})
 }
 

internal/api/session.go

@@ -49,7 +49,7 @@ func (api *ApiManagerCtx) Logout(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	api.sessions.CookieClearToken(w)
+	api.sessions.CookieClearToken(w, r)
 
 	utils.HttpSuccess(w, true)
 }