From a621ee6d0f2e47a126313e7ddf06b44a69469690 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Wed, 23 Oct 2019 23:02:14 +0100
Subject: [PATCH] Clear nickname

---
 daemon.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/daemon.py b/daemon.py
index a3395a05..a4b0d3af 100644
--- a/daemon.py
+++ b/daemon.py
@@ -650,7 +650,7 @@ class PubServer(BaseHTTPRequestHandler):
         authorized = self._isAuthorized()
         if authorized:
             if self.path=='/':
-                if self.headers.get('Nickname'):
+                if cookie and self.headers.get('Nickname'):
                     self.path='/users/'+self.headers['Nickname']+'/inbox'
             if self.server.debug:
                 print('GET Authorization granted')
@@ -1049,7 +1049,8 @@ class PubServer(BaseHTTPRequestHandler):
             self.server.GETbusy=False
             return
 
-        if self.path.startswith('/login') or self.path=='/':
+        if self.path.startswith('/login') or \
+           (self.path=='/' and not authorized):
             # request basic auth
             msg=htmlLogin(self.server.translate,self.server.baseDir).encode('utf-8')
             self._login_headers('text/html',len(msg))
@@ -2816,10 +2817,10 @@ class PubServer(BaseHTTPRequestHandler):
                         del self.server.salts[loginNickname]
                     self.send_response(303)
                     self.send_header('Content-Length', '0')
-                    self.send_header('Set-Cookie', 'epicyon=; SameSite=Strict')
+                    self.send_header('Set-Cookie', 'epicyon=; Nickname=; SameSite=Strict')
                     self.send_header('Location', '/login')
                     self.send_header('X-Robots-Tag','noindex')
-                    self.end_headers()                    
+                    self.end_headers()
                     self.server.POSTbusy=False
                     return
                 else: