Reset multi auth to initial state

Author: ekzyis

Diff for: lib/auth.js

@@ -106,15 +106,23 @@ export function checkMultiAuthCookies (req, res) {
   return true
 }
 
-function resetMultiAuthCookies (req, res) {
+async function resetMultiAuthCookies (req, res) {
   const httpOnlyOptions = cookieOptions({ expires: 0, maxAge: 0 })
   const jsOptions = { ...httpOnlyOptions, httpOnly: false }
 
+  // remove all multi_auth cookies ...
   for (const key of Object.keys(req.cookies)) {
     if (!MULTI_AUTH_REGEXP.test(key)) continue
     const options = MULTI_AUTH_JWT_REGEXP.test(key) ? httpOnlyOptions : jsOptions
     res.appendHeader('Set-Cookie', cookie.serialize(key, '', options))
   }
+
+  // ... and reset to initial state if they are logged in
+  const token = req.cookies[SESSION_COOKIE]
+  if (!token) return
+
+  const decoded = await decodeJWT({ token, secret: process.env.NEXTAUTH_SECRET })
+  setMultiAuthCookies(req, res, { ...decoded, jwt: token })
 }
 
 async function refreshMultiAuthCookies (req, res) {
@@ -160,7 +168,7 @@ export async function multiAuthMiddleware (req, res) {
 
   const ok = checkMultiAuthCookies(req, res)
   if (!ok) {
-    resetMultiAuthCookies(req, res)
+    await resetMultiAuthCookies(req, res)
     return switchSessionCookie(req)
   }