From 295844c72e32ae9f460e24e3f9da7def91be5db8 Mon Sep 17 00:00:00 2001
From: Thorsten Eckel
Date: Tue, 26 Jun 2018 09:26:19 +0200
Subject: [PATCH] Fixed race condition: AJAX data fetch requests re-set sessions that should get deleted by logout request.
---
 app/controllers/sessions_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index d65a9711c..fef102c5f 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -114,12 +114,13 @@ class SessionsController < ApplicationController
 # "Delete" a login, aka "log the user out"
 def destroy
+ reset_session
+
 # Remove the user id from the session
 @_current_user = nil
 # reset session
 request.env['rack.session.options'][:expire_after] = nil
- session.clear
 render json: {}
 end
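Review bot: The new `reset_session` call at the top of `destroy` narrows the logout race but does not obviously close it: a data-fetch request that loaded the session before this line runs and commits afterwards may still write the old session back, depending on how the session store (not visible in this hunk) handles a write for a destroyed id. It would be worth confirming that the store refuses to re-create a destroyed session, and adding a regression test in which a request carrying the pre-logout cookie arrives after `destroy` and is treated as unauthenticated. The ordering requirement is also undocumented, so I would add `# Must run first: destroy the server-side session before anything else so in-flight requests cannot re-save it` above the call and reword the stale `# reset session` comment, which now sits over the `expire_after` line only.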