From 60769fc1fe6f17381dc67191003d87f1dbb4b3d1 Mon Sep 17 00:00:00 2001
From: Ed Yu <edyu@users.noreply.github.com>
Date: Sat, 20 May 2023 11:27:11 -0700
Subject: [PATCH] cookie max-age should be set to -1 for browser to remove the
 cookie

---
 src/http_auth.zig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/http_auth.zig b/src/http_auth.zig
index e918bef..c96592f 100644
--- a/src/http_auth.zig
+++ b/src/http_auth.zig
@@ -408,7 +408,7 @@ pub fn UserPassSessionAuth(comptime Lookup: type, comptime lockedPwLookups: bool
                 if (r.setCookie(.{
                     .name = self.settings.cookieName,
                     .value = "invalid",
-                    .max_age_s = self.settings.cookieMaxAge,
+                    .max_age_s = -1,
                 })) {
                     zap.debug("logout ok\n", .{});
                 } else |err| {
@@ -424,7 +424,7 @@ pub fn UserPassSessionAuth(comptime Lookup: type, comptime lockedPwLookups: bool
             if (r.setCookie(.{
                 .name = self.settings.cookieName,
                 .value = "invalid",
-                .max_age_s = self.settings.cookieMaxAge,
+                .max_age_s = -1,
             })) {
                 zap.debug("logout ok\n", .{});
             } else |err| {