2 files changed, 4 insertions, 6 deletions

diff --git a/session_app.py b/session_app.py
index 50a52fd..1743b2a 100755
--- a/session_app.py
+++ b/session_app.py
@@ -15,12 +15,11 @@
 #    _unauthorized_kerberos meta redirect from https://billstclair.com/html-redirect2.html
 #    preserve POST with code 307 https://stackoverflow.com/a/15480983/3569534
 # Improve:
-#    remove session info, when logging out?
 # Run:
 #    FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0
 # Dependencies:
-#    apt-get install python3-flask
-#    pip3 install Flask-kerberos kerberos
+#    apt-get install python3-flask python3-kerberos
+#    pip3 install Flask-kerberos
 
 from flask import Flask, Response, redirect, url_for, render_template, request, _request_ctx_stack as stack, make_response, session
 from flask_kerberos import init_kerberos, requires_authentication, _unauthorized, _forbidden, _gssapi_authenticate
@@ -335,8 +334,8 @@ def handle_login_ldap_from_non_ldap(request):
 @app.route("/logout/")
 def logout():
    resp = Response(f'<meta http-equiv="Refresh" content="1; url={url_for("index")}">logged out')
-   # Doing anything with session here leaves a cookie.
-   #session['user']=""
+   # not documented but is found on the Internet in a few random places:
+   session.clear()
    resp.set_cookie('user','',expires=0)
    resp.set_cookie('type','',expires=0)
    resp.set_cookie('session','',expires=0)
diff --git a/templates/settings.html b/templates/settings.html
index c5f6e68..884ea04 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -13,5 +13,4 @@ input {
 <p>Ldap URI <input style="width: 500px;" type="text" value="{{ ldap_uri }}" name="ldap_uri"</p>
 <p><input accesskey="s" type="submit" value="Submit"/></p>
 </form>
-</center>
 </html>