pac4j: logout doesn't work with MongoSessionStore fix #759

Author: jknack

jooby-pac4j/src/main/java/org/jooby/internal/pac4j/AuthLogout.java

@@ -49,10 +49,12 @@ public void handle(final Request req, final Response rsp) throws Throwable {
     // DON'T create a session for JWT/param/header auth (a.k.a stateless)
     Optional<Session> ifSession = req.ifSession();
     if (ifSession.isPresent()) {
-      Optional<String> profileId = ifSession.get().unset(Auth.ID).toOptional();
+      Session session = ifSession.get();
+      Optional<String> profileId = session.unset(Auth.ID).toOptional();
       if (profileId.isPresent()) {
         Optional<CommonProfile> profile = req.require(AuthStore.class).unset(profileId.get());
         log.debug("logout {}", profile);
+        session.destroy();
       }
     } else {
       log.debug("nothing to logout from session");

jooby-pac4j/src/test/java/org/jooby/internal/pac4j/AuthLogoutTest.java

@@ -31,7 +31,7 @@ public void unset() throws Exception {
         .expect(unit -> {
           Optional<String> id = Optional.of("1");
 
-            CommonProfile profile = unit.get(CommonProfile.class);
+          CommonProfile profile = unit.get(CommonProfile.class);
 
           AuthStore store = unit.get(AuthStore.class);
           expect(store.unset("1")).andReturn(Optional.of(profile));
@@ -41,6 +41,7 @@ public void unset() throws Exception {
 
           Session session = unit.get(Session.class);
           expect(session.unset(Auth.ID)).andReturn(attr);
+          session.destroy();
         })
         .expect(unit -> {
           Response rsp = unit.get(Response.class);