Server: Clear cookie when account has been deleted to allow viewing login page again

packages/server/src/middleware/ownerHandler.ts

@@ -1,11 +1,15 @@
 import { AppContext, KoaNext } from '../utils/types';
 import { contextSessionId } from '../utils/requestUtils';
 import { ErrorForbidden } from '../utils/errors';
+import { cookieSet } from '../utils/cookies';
 
 export default async function(ctx: AppContext, next: KoaNext): Promise<void> {
 	const sessionId = contextSessionId(ctx, false);
 	const owner = sessionId ? await ctx.joplin.models.session().sessionUser(sessionId) : null;
-	if (owner && !owner.enabled) throw new ErrorForbidden('This user account is disabled. Please contact support.');
+	if (owner && !owner.enabled) {
+		cookieSet(ctx, 'sessionId', ''); // Clear cookie, otherwise the user cannot login at all anymore
+		throw new ErrorForbidden('This user account is disabled. Please contact support.');
+	}
 	ctx.joplin.owner = owner;
 	return next();
 }