From eddbd868372fe4c4b58218ad188317b1f80eb97b Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Tue, 18 Feb 2020 16:06:00 -0500
Subject: [PATCH] fix: tweak to session validation in addHeaders

---
 src/middleware/headers.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/middleware/headers.js b/src/middleware/headers.js
index 1de3fc5f74..453c75736f 100644
--- a/src/middleware/headers.js
+++ b/src/middleware/headers.js
@@ -55,7 +55,8 @@ module.exports = function (middleware) {
 			headers['X-Upstream-Hostname'] = os.hostname();
 		}
 
-		// Validate session
+		// Ensure that the session is valid. This block guards against edge-cases where the server-side session has
+		// been deleted (but client-side cookie still exists)
 		if (req.uid > 0 && !req.session.meta && !res.get('Set-Cookie')) {
 			res.clearCookie(nconf.get('sessionKey'), meta.configs.cookie.get());
 		}